Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.H1exLYzdDd /tmp/tmp.F4EIyQ4tQL /tmp/tmp.D3iSmRZF42

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.H1exLYzdDd /tmp/tmp.F4EIyQ4tQL /tmp/tmp.D3iSmRZF42

/tmp/cayo.arm7.elf

URLs

Name

Malicious

https://www.gnu.org/software/libc/bugs.html

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

207.244.199.83

unknown

United States

Details

IP:	207.244.199.83
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	6428
ASN name:	CDMUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f15b80b3000

page execute read

7f15b80b3000

page execute read

7f15b80b3000

page execute read

7f16c113b000

page read and write

7f16b8021000

page read and write

7f15b80b7000

page read and write

7f16c04cf000

page read and write

55bd27004000

page execute read

7f16c0c2b000

page read and write

7ffd617a0000

page execute read

7f16b7fff000

page read and write

7f16c0c2b000

page read and write

7f16c113b000

page read and write

7f16b7fff000

page read and write

7f16c1180000

page read and write

7f16c1180000

page read and write

55bd29273000

page read and write

7f16b8021000

page read and write

55bd27255000

page read and write

7f16bfc35000

page read and write

7f16c1180000

page read and write

7f15b80e1000

page read and write

7f16bfc35000

page read and write

7f16c0e0d000

page read and write

7f16c0abf000

page read and write

7f16c0abf000

page read and write

55bd2925c000

page execute and read and write

7f16c0831000

page read and write

55bd2a12a000

page read and write

7f16c1117000

page read and write

55bd2725e000

page read and write

7f16c0fee000

page read and write

7f16c0831000

page read and write

7f16c0a9c000

page read and write

55bd27255000

page read and write

7f16c043d000

page read and write

55bd29273000

page read and write

7f16c043d000

page read and write

7f16c113b000

page read and write

55bd2a12a000

page read and write

7f16b7fff000

page read and write

7f16c0a9c000

page read and write

7f16c043d000

page read and write

7ffd617a0000

page execute read

7f16c0fee000

page read and write

7f15b80e1000

page read and write

7ffd61719000

page read and write

7ffd61719000

page read and write

55bd2925c000

page execute and read and write

7f16c0c2b000

page read and write

7ffd61719000

page read and write

55bd2a12a000

page read and write

7f16c04cf000

page read and write

7ffd617a0000

page execute read

7f16bfc35000

page read and write

7f15b80e1000

page read and write

7f16c1117000

page read and write

55bd27004000

page execute read

7f16b8021000

page read and write

55bd2925c000

page execute and read and write

55bd27255000

page read and write

7f16c0e0d000

page read and write

55bd29273000

page read and write

7f16c0abf000

page read and write

55bd2725e000

page read and write

7f16c1117000

page read and write

7f15b80b7000

page read and write

7f16c0fee000

page read and write

7f16c0a9c000

page read and write

7f15b80b7000

page read and write

7f16c0e0d000

page read and write

7f16c0831000

page read and write

55bd27004000

page execute read

7f16c04cf000

page read and write

55bd2725e000

page read and write

There are 65 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
cayo.arm7.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportcayo.arm7.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
cayo.arm7.elf