Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.oS3FoE8Jb0 /tmp/tmp.4mzvJzgfA7 /tmp/tmp.4d3NucQSd1

/usr/bin/dash

/usr/bin/cat

cat /tmp/tmp.oS3FoE8Jb0

/usr/bin/dash

/usr/bin/head

head -n 10

/usr/bin/dash

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

/usr/bin/cut

cut -c -80

/usr/bin/dash

/usr/bin/cat

cat /tmp/tmp.oS3FoE8Jb0

/usr/bin/dash

/usr/bin/head

head -n 10

/usr/bin/dash

/usr/bin/tr

tr -d \\000-\\011\\013\\014\\016-\\037

/usr/bin/dash

/usr/bin/cut

cut -c -80

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.oS3FoE8Jb0 /tmp/tmp.4mzvJzgfA7 /tmp/tmp.4d3NucQSd1

There are 12 hidden processes, click here to show them.

Domains

Name

Malicious

dump.hduak.site

158.220.114.75

Details

Name:	dump.hduak.site
IP:	158.220.114.75
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

158.220.114.75

dump.hduak.site

Switzerland

Details

IP:	158.220.114.75
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	8556
ASN name:	LEVANTISCH
Private:	false
Domain:	dump.hduak.site

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

54.171.230.55

unknown

United States

Details

IP:	54.171.230.55
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f2c8c38b000

page execute read

7f2d10af7000

page read and write

7f2c8c39c000

page read and write

7f2d0c021000

page read and write

558d7d3fa000

page execute and read and write

558d7eb3e000

page read and write

7f2c8c39b000

page read and write

7f2d10868000

page read and write

7f2d11352000

page read and write

7f2d11229000

page read and write

558d7b3fc000

page read and write

7f2d10eb9000

page read and write

7f2d0c000000

page read and write

7f2d1085a000

page read and write

558d7b1de000

page execute read

7f2d1139f000

page read and write

7ffccf7cd000

page execute read

558d7d411000

page read and write

558d7b3f4000

page read and write

7f2d10ede000

page read and write

7f2d1135a000

page read and write

7ffccf75c000

page read and write

There are 12 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf