Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/.i.elf

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

55aa8bafb000

page execute read

7f9450e45000

page read and write

7f9450e8a000

page read and write

7f94501d9000

page read and write

7f9448021000

page read and write

55aa8f046000

page read and write

7f94507a6000

page read and write

7f9450e21000

page read and write

7f9450b17000

page read and write

55aa8dd53000

page execute and read and write

7f944f93f000

page read and write

7f9447fff000

page read and write

55aa8dd6a000

page read and write

7f9450cf8000

page read and write

7ffc84733000

page execute read

55aa8bd55000

page read and write

7f945053b000

page read and write

7f9348033000

page execute read

55aa8bd4c000

page read and write

7ffc846c3000

page read and write

7f9450935000

page read and write

7f9450147000

page read and write

7f94507c9000

page read and write

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
.i.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report.i.elf

Processes

IPs

Memdumps

IOC Report
.i.elf