Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/zmap.arm7.elf

Domains

Name

Malicious

server.dico-inside.com

154.216.16.38

Details

Name:	server.dico-inside.com
IP:	154.216.16.38
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

154.216.16.38

server.dico-inside.com

Seychelles

Details

IP:	154.216.16.38
TargetID:	-1
Country:	Seychelles
Countrycode:	SYC
ASN number:	135357
ASN name:	SKHT-ASShenzhenKatherineHengTechnologyInformationCo
Private:	false
Domain:	server.dico-inside.com

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

7ff43402f000

page execute read

7ff43402f000

page execute read

7ff53c72f000

page read and write

7ff53c54e000

page read and write

7ff53bb7e000

page read and write

7ff534021000

page read and write

7ff53c87c000

page read and write

7ffde45dc000

page execute read

55faf891d000

page read and write

7ff53c1dd000

page read and write

7ffde45dc000

page execute read

7ff53c200000

page read and write

7ff534021000

page read and write

55faf8926000

page read and write

55fafb0c7000

page read and write

7ff43403c000

page read and write

55fafa924000

page execute and read and write

55fafb0ed000

page read and write

7ff53bf72000

page read and write

7ff53bf72000

page read and write

7ff434037000

page read and write

7ff53bc10000

page read and write

7ff53c72f000

page read and write

7ff53bc10000

page read and write

7ff53c54e000

page read and write

7ff53c200000

page read and write

55faf86cc000

page execute read

7ff533fff000

page read and write

55fafa93b000

page read and write

7ff53c87c000

page read and write

7ff533fff000

page read and write

7ffde459e000

page read and write

7ff53c8c1000

page read and write

55fafb0ea000

page read and write

55faf86cc000

page execute read

7ff43403c000

page read and write

7ff53c1dd000

page read and write

55fafa924000

page execute and read and write

7ff53c858000

page read and write

7ff53c8c1000

page read and write

55faf8926000

page read and write

7ff53c36c000

page read and write

7ff53b376000

page read and write

7ff53c36c000

page read and write

7ffde459e000

page read and write

55faf891d000

page read and write

55fafa93b000

page read and write

7ff434037000

page read and write

7ff53bb7e000

page read and write

7ff53c858000

page read and write

7ff53b376000

page read and write

There are 41 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
zmap.arm7.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportzmap.arm7.elf

Processes

Domains

IPs

Memdumps

IOC Report
zmap.arm7.elf