Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

/proc/self/exe

/usr/bin/whoami

whoami

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/na.elf
Source:	na.elf

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

20.2.223.147

unknown

United States

Details

IP:	20.2.223.147
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	8075
ASN name:	MICROSOFT-CORP-MSN-AS-BLOCKUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f76c1559000

page read and write

7f769c5b8000

page read and write

c000400000

page read and write

7fffc7366000

page execute read

7f76acb32000

page read and write

1035000

page read and write

7f76c14d8000

page read and write

7fffc726e000

page read and write

7f769c200000

page read and write

b23000

page execute read

7f76be9e2000

page read and write

7f76c1638000

page read and write

7f769c400000

page read and write

7f76c0db8000

page read and write

There are 4 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
na.elf