Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

/proc/self/exe

/usr/bin/whoami

whoami

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/na.elf
Source:	na.elf

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

IPs

Domain

Country

Malicious

111.229.211.161

unknown

China

Details

IP:	111.229.211.161
TargetID:	-1
Country:	China
Countrycode:	CHN
ASN number:	45090
ASN name:	CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

c000400000

page read and write

b23000

page execute read

7f19c27b3000

page read and write

7ffd9cf2c000

page read and write

7f19c52a9000

page read and write

7f19c4b89000

page read and write

7f19a0389000

page read and write

7f19c5409000

page read and write

7f19a0200000

page read and write

1035000

page read and write

7f19a0000000

page read and write

7ffd9cfce000

page execute read

7f19b0903000

page read and write

7f19c532a000

page read and write

There are 4 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
na.elf