Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

/proc/self/exe

/usr/bin/whoami

whoami

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/na.elf
Source:	na.elf

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

Domains

Name

Malicious

daisy.ubuntu.com

unknown

IPs

Domain

Country

Malicious

152.136.107.163

unknown

China

Details

IP:	152.136.107.163
TargetID:	-1
Country:	China
Countrycode:	CHN
ASN number:	45090
ASN name:	CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

c33000

page read and write

7ffffdc96000

page execute read

7f2a67e00000

page read and write

7f2a8ceec000

page read and write

7f2a67c00000

page read and write

7f2a8ce0d000

page read and write

7f2a7854a000

page read and write

7f2a8a3fa000

page read and write

7a9000

page execute read

7f2a67fd0000

page read and write

c000400000

page read and write

7ffffdbfd000

page read and write

7f2a8c7d0000

page read and write

7f2a8cd8c000

page read and write

There are 4 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
na.elf