Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/zmap.arm.elf

Domains

Name

Malicious

cnc.dico-inside.com

154.216.20.164

Details

Name:	cnc.dico-inside.com
IP:	154.216.20.164
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

154.216.20.164

cnc.dico-inside.com

Seychelles

Details

IP:	154.216.20.164
TargetID:	-1
Country:	Seychelles
Countrycode:	SYC
ASN number:	135357
ASN name:	SKHT-ASShenzhenKatherineHengTechnologyInformationCo
Private:	false
Domain:	cnc.dico-inside.com

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

7ffa8002a000

page execute read

7ffa8002a000

page execute read

7ffb85371000

page read and write

7ffb852df000

page read and write

7ffb85fb9000

page read and write

558bd03e4000

page read and write

7ffb7ffff000

page read and write

7ffb852df000

page read and write

7ffb85acd000

page read and write

7ffb85caf000

page read and write

558bd0a47000

page read and write

558bd03cd000

page execute and read and write

558bce175000

page execute read

558bd03e4000

page read and write

7ffb85961000

page read and write

558bce3cf000

page read and write

7ffb84ad7000

page read and write

7ffb84ad7000

page read and write

7ffb8593e000

page read and write

7ffb86022000

page read and write

7ffb85acd000

page read and write

7ffb85fb9000

page read and write

7ffa80032000

page read and write

7ffdb7ded000

page execute read

7ffa80035000

page read and write

558bd0a47000

page read and write

7ffb86022000

page read and write

7ffb80021000

page read and write

558bd03cd000

page execute and read and write

558bce3cf000

page read and write

7ffb85caf000

page read and write

558bce3c6000

page read and write

7ffdb7d78000

page read and write

7ffb856d3000

page read and write

7ffb856d3000

page read and write

7ffb85961000

page read and write

7ffb80021000

page read and write

7ffb85371000

page read and write

558bce175000

page execute read

7ffb7ffff000

page read and write

7ffb85e90000

page read and write

7ffb85fdd000

page read and write

7ffb85fdd000

page read and write

7ffdb7ded000

page execute read

7ffb8593e000

page read and write

558bce3c6000

page read and write

7ffa80032000

page read and write

7ffa80035000

page read and write

7ffb85e90000

page read and write

7ffdb7d78000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
zmap.arm.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportzmap.arm.elf

Processes

Domains

IPs

Memdumps

IOC Report
zmap.arm.elf