Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/eWOLEi2hJg.elf

Domains

Name

IP

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

IP

Domain

Country

Malicious

45.124.64.27

unknown

Hong Kong

Details

IP:	45.124.64.27
TargetID:	-1
Country:	Hong Kong
Countrycode:	HKG
ASN number:	36351
ASN name:	SOFTLAYERUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

401000

page execute and read and write

Details

Name:	5435.1.0000000000400000.0000000000401000.rwx.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute and read and write
Base address:	401000
Size:	4096

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Yara detected ConnectBack	Stealing of Sensitive Information, Remote Access Functionality

7f46f131f000

page execute and read and write

7ffe716df000

page execute and read and write

7ffe7176f000

page execute read

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
eWOLEi2hJg.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReporteWOLEi2hJg.elf

Processes

Domains

IPs

Memdumps

IOC Report
eWOLEi2hJg.elf