Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

URLs

Name

Malicious

93.123.85.205:7777

Details

Name:	93.123.85.205:7777
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

IPs

Domain

Country

Malicious

93.123.85.205

unknown

Bulgaria

Details

IP:	93.123.85.205
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	43561
ASN name:	NET1-ASBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7efca8029000

page execute read

7efca8029000

page execute read

5654ac8c7000

page read and write

7ffc4310e000

page read and write

7efdae1f0000

page read and write

7efda8021000

page read and write

7efdadec2000

page read and write

5654ac8be000

page read and write

7efda8021000

page read and write

7efda7fff000

page read and write

7efdad4f2000

page read and write

7efdadb51000

page read and write

7efdae0a3000

page read and write

7efdadec2000

page read and write

5654ae8c5000

page execute and read and write

7efdadb74000

page read and write

7efdad584000

page read and write

7efdae235000

page read and write

7efdad8e6000

page read and write

5654ac66d000

page execute read

5654ae8dc000

page read and write

7efdadce0000

page read and write

7efca8032000

page read and write

5654ac66d000

page execute read

7efdae0a3000

page read and write

5654af78e000

page read and write

7efdaccea000

page read and write

7efdae235000

page read and write

7ffc431c9000

page execute read

7efdadb74000

page read and write

5654ae8c5000

page execute and read and write

7efdae1f0000

page read and write

7ffc431c9000

page execute read

7efda7fff000

page read and write

5654ae8dc000

page read and write

7ffc4310e000

page read and write

5654af78e000

page read and write

7efdadb51000

page read and write

7efdad8e6000

page read and write

7efca8038000

page read and write

5654ac8c7000

page read and write

7efca8038000

page read and write

7efdad584000

page read and write

7efdad4f2000

page read and write

7efdadce0000

page read and write

7efdae1cc000

page read and write

7efca8032000

page read and write

7efdae1cc000

page read and write

7efdaccea000

page read and write

5654ac8be000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
na.elf