Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/SecuriteInfo.com.Linux.Siggen.9999.5706.5318.elf

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/SecuriteInfo.com.Linux.Siggen.9999.5706.5318.elf
Source:	SecuriteInfo.com.Linux.Siggen.9999.5706.5318.elf

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f4a8802b000

page execute read

557b30975000

page read and write

7f4b8e2af000

page read and write

557b3097e000

page read and write

7f4a8803e000

page read and write

7f4b8e41b000

page read and write

7f4b8e5fd000

page read and write

7f4b8e92b000

page read and write

7f4b87fff000

page read and write

7f4b88021000

page read and write

7f4b8e907000

page read and write

7ffe439e2000

page execute read

557b30724000

page execute read

7f4b8e28c000

page read and write

7ffe438e7000

page read and write

7f4b8e970000

page read and write

7f4b8dc2d000

page read and write

7f4b8e7de000

page read and write

557b342b2000

page read and write

557b3297c000

page execute and read and write

7f4b8e021000

page read and write

557b32993000

page read and write

7f4b8d425000

page read and write

7f4b8dcbf000

page read and write

There are 14 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Linux.Siggen.9999.5706.5318.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Linux.Siggen.9999.5706.5318.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
SecuriteInfo.com.Linux.Siggen.9999.5706.5318.elf