IOC Report
H5LPetzgXV.elf

Processes

Path

Cmdline

Malicious

/tmp/H5LPetzgXV.elf

/tmp/H5LPetzgXV.elf

/tmp/H5LPetzgXV.elf

-

/tmp/H5LPetzgXV.elf

-

/tmp/H5LPetzgXV.elf

-

IPs

IP

Domain

Country

Malicious

95.164.4.65

unknown

Gibraltar

Details

IP:	95.164.4.65
TargetID:	-1
Country:	Gibraltar
Countrycode:	GIB
ASN number:	29632
ASN name:	NASSIST-ASGI
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f3378000000

page read and write

7f3378000000

page read and write

7f3380332000

page read and write

7fff50781000

page read and write

56043e1c6000

page execute read

7f3378021000

page read and write

560440456000

page execute and read and write

560440456000

page execute and read and write

7fff507e7000

page execute read

7f33809fa000

page read and write

7f337fcd3000

page read and write

7f3380355000

page read and write

7f33806a3000

page read and write

7f33809ad000

page read and write

7f337f4cb000

page read and write

56043e1c6000

page execute read

7fff50781000

page read and write

7fff50781000

page read and write

7f3378000000

page read and write

56043e44e000

page read and write

7f3378021000

page read and write

7f337fcd3000

page read and write

7f32f8411000

page execute read

7f33809fa000

page read and write

7f337fce1000

page read and write

7f33809b5000

page read and write

7f337fce1000

page read and write

560440456000

page execute and read and write

7f337fcd3000

page read and write

7f32f8411000

page execute read

7f337f4cb000

page read and write

56043e458000

page read and write

560440736000

page read and write

56043e44e000

page read and write

7f3378021000

page read and write

7f3380372000

page read and write

7fff507e7000

page execute read

56043e458000

page read and write

7f3380355000

page read and write

56044046d000

page read and write

7f3380355000

page read and write

7f32f8452000

page read and write

7fff507e7000

page execute read

7f32f8453000

page read and write

56043e1c6000

page execute read

7f337ff91000

page read and write

7f3380884000

page read and write

7f32f8453000

page read and write

7f33809b5000

page read and write

560440736000

page read and write

7f3380332000

page read and write

7f337fce1000

page read and write

560440736000

page read and write

7f337ff91000

page read and write

7f32f8452000

page read and write

7f32f8452000

page read and write

7f3380372000

page read and write

7f33806a3000

page read and write

7f337f4cb000

page read and write

56043e458000

page read and write

7f337ff91000

page read and write

7f3380884000

page read and write

7f32f8453000

page read and write

7f33809b5000

page read and write

7f3380332000

page read and write

7f3380884000

page read and write

56044046d000

page read and write

7f33809ad000

page read and write

7f33806a3000

page read and write

56044046d000

page read and write

56043e44e000

page read and write

7f3380372000

page read and write

7f33809fa000

page read and write

7f33809ad000

page read and write

7f32f8411000

page execute read

There are 65 hidden memdumps, click here to show them.