Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

IPs

Domain

Country

Malicious

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f40f8429000

page execute read

7f417fc81000

page read and write

55c725b66000

page execute and read and write

55c7238d6000

page execute read

7ffe2dd8c000

page execute read

7f41802f5000

page read and write

7f41802d2000

page read and write

7f417fc73000

page read and write

7f418094d000

page read and write

7f4180824000

page read and write

55c725b7d000

page read and write

55c723b68000

page read and write

7f4180955000

page read and write

7f417f46b000

page read and write

55c727631000

page read and write

7f4180312000

page read and write

7f4178000000

page read and write

7ffe2dd30000

page read and write

7f4180643000

page read and write

7f417ff31000

page read and write

55c723b5e000

page read and write

7f40f846e000

page read and write

7f418099a000

page read and write

7f4178021000

page read and write

There are 14 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf