Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/main.elf

URLs

Name

Malicious

http://nginx.com/

unknown

https://go.dev/pkg/crypto/rsa#hdr-Minimum_key_size)b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120

unknown

http://nginx.org/

unknown

https://go.dev/issue/66821):

unknown

https://github.com/rurreac/slider

unknown

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

Download

c000400000

page read and write

7f34fe1ba000

page read and write

7f34b547b000

page read and write

7f34b74df000

page read and write

7f34c9760000

page read and write

ade000

page read and write

7f34b647d000

page read and write

19ef000

page read and write

73c000

page execute read

7f34fe18a000

page read and write

7f34fe134000

page read and write

7f34ac021000

page read and write

7f34b6cbe000

page read and write

7f34fe175000

page read and write

7f34fb610000

page read and write

b0e000

page read and write

7f34e9760000

page read and write

7f34b5c7c000

page read and write

7f34fd9e6000

page read and write

7ffe9870e000

page execute read

7f34fde60000

page read and write

7f34fe157000

page read and write

7f34fdf42000

page read and write

7f34b0021000

page read and write

7f34a8021000

page read and write

7f34b95df000

page read and write

7ffe986dc000

page read and write

There are 17 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
main.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportmain.elf

Processes

URLs

IPs

Memdumps

IOC Report
main.elf