Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

Domains

Name

Malicious

krddnsnet.dyn

154.90.62.142

Details

Name:	krddnsnet.dyn
IP:	154.90.62.142
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

154.90.62.142

krddnsnet.dyn

Seychelles

Details

IP:	154.90.62.142
TargetID:	-1
Country:	Seychelles
Countrycode:	SYC
ASN number:	40065
ASN name:	CNSERVERSUS
Private:	false
Domain:	krddnsnet.dyn

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

55af7706e000

page execute read

7ffc696cb000

page execute read

7ff3b7e6e000

page read and write

55af7933d000

page read and write

7ff3b0021000

page read and write

7ff3b760b000

page read and write

7ff33000d000

page execute read

7ff3b6b6b000

page read and write

7ff3b7d3d000

page read and write

7ff3b79f2000

page read and write

7ff330017000

page read and write

7ffc69621000

page read and write

55af792a6000

page execute and read and write

55af772a8000

page read and write

7ff3b7e66000

page read and write

55af7944e000

page read and write

7ff3b79cd000

page read and write

7ff3b736e000

page read and write

7ff330010000

page read and write

7ff3b0000000

page read and write

7ff3b737c000

page read and write

7ff3b7eb3000

page read and write

55af772a0000

page read and write

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf