Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/zmap.arm.elf

Domains

Name

Malicious

server.dico-inside.com

154.216.16.38

Details

Name:	server.dico-inside.com
IP:	154.216.16.38
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

154.216.16.38

server.dico-inside.com

Seychelles

Details

IP:	154.216.16.38
TargetID:	-1
Country:	Seychelles
Countrycode:	SYC
ASN number:	135357
ASN name:	SKHT-ASShenzhenKatherineHengTechnologyInformationCo
Private:	false
Domain:	server.dico-inside.com

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7ff4fc02a000

page execute read

7ff4fc02a000

page execute read

7ff604197000

page read and write

55ce03af2000

page read and write

7ff603c42000

page read and write

7ff4fc032000

page read and write

55ce01955000

page read and write

7ff5fc021000

page read and write

7ff5fc021000

page read and write

7ff602c4c000

page read and write

7ff6034e6000

page read and write

7ff603e24000

page read and write

7ff603e24000

page read and write

7ff604197000

page read and write

7ff6034e6000

page read and write

7ff60412e000

page read and write

7ff60412e000

page read and write

7ff603848000

page read and write

7ff603ad6000

page read and write

7ff603454000

page read and write

7ff4fc035000

page read and write

55ce03af2000

page read and write

55ce01955000

page read and write

7ff604152000

page read and write

7ff604152000

page read and write

7ff5fbfff000

page read and write

7ff603848000

page read and write

7ff4fc032000

page read and write

7fff6b866000

page read and write

55ce0194c000

page read and write

55ce0396a000

page read and write

7ff603ab3000

page read and write

7ff603454000

page read and write

7ff5fbfff000

page read and write

55ce0194c000

page read and write

7ff602c4c000

page read and write

55ce016fb000

page execute read

7ff603ab3000

page read and write

7ff603c42000

page read and write

7ff603ad6000

page read and write

55ce016fb000

page execute read

7ff4fc035000

page read and write

7fff6b873000

page execute read

55ce03953000

page execute and read and write

55ce0396a000

page read and write

7fff6b866000

page read and write

7ff604005000

page read and write

7ff604005000

page read and write

7fff6b873000

page execute read

55ce03953000

page execute and read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
zmap.arm.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportzmap.arm.elf

Processes

Domains

IPs

Memdumps

IOC Report
zmap.arm.elf