Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/criptonize.armv5l.elf

IPs

Domain

Country

Malicious

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f23b417b000

page read and write

55a769c23000

page read and write

7f23b37ab000

page read and write

7f22ac041000

page read and write

55a767e74000

page execute and read and write

7f22ac034000

page execute read

55a765c1c000

page execute read

7f23b3f99000

page read and write

7f23b3e2d000

page read and write

7f23b383d000

page read and write

55a765e6d000

page read and write

7f23ac021000

page read and write

7f23abfff000

page read and write

7ffe851ed000

page execute read

7f23b3b9f000

page read and write

7f23b3e0a000

page read and write

7ffe851d5000

page read and write

7f23b435c000

page read and write

55a767e8b000

page read and write

7f23b44a9000

page read and write

7f23b4485000

page read and write

7f22ac046000

page read and write

55a765e76000

page read and write

7f23b44ee000

page read and write

7f23b2fa3000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
criptonize.armv5l.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportcriptonize.armv5l.elf

Processes

IPs

Memdumps

IOC Report
criptonize.armv5l.elf