Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

URLs

Name

Malicious

5.42.98.74:4258

Details

Name:	5.42.98.74:4258
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

http://www.baidu.com/search/spider.html)

unknown

http://www.billybobbot.com/crawler/)

unknown

http://fast.no/support/crawler.asp)

unknown

http://feedback.redkolibri.com/

unknown

http://www.baidu.com/search/spider.htm)

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

5.42.98.74

unknown

Russian Federation

Details

IP:	5.42.98.74
TargetID:	-1
Country:	Russian Federation
Countrycode:	RUS
ASN number:	39493
ASN name:	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f24d002e000

page execute read

7f24d002e000

page execute read

5581771c6000

page read and write

558174f57000

page execute read

7f25d5040000

page read and write

7f25d5592000

page read and write

5581782e9000

page read and write

7f25d56bb000

page read and write

7ffef5b5e000

page execute read

7f24d0036000

page read and write

7f25d49e1000

page read and write

7f25d4dd5000

page read and write

7f25d41d9000

page read and write

7f24d0036000

page read and write

5581751a8000

page read and write

558174f57000

page execute read

7f25d4dd5000

page read and write

7f25d56bb000

page read and write

7f25d5040000

page read and write

7ffef5b2a000

page read and write

7f25d5063000

page read and write

5581771c6000

page read and write

7f25d53b1000

page read and write

5581751b1000

page read and write

7f24d003e000

page read and write

7f25d0021000

page read and write

7f25d51cf000

page read and write

5581751b1000

page read and write

7f25d5724000

page read and write

7f25d56df000

page read and write

7f25d41d9000

page read and write

5581751a8000

page read and write

7f25d4a73000

page read and write

5581782e9000

page read and write

7f25d49e1000

page read and write

7f25d56df000

page read and write

7f25d5724000

page read and write

7f25cffff000

page read and write

7f25d0021000

page read and write

7f24d003e000

page read and write

7f25d53b1000

page read and write

7ffef5b2a000

page read and write

5581771af000

page execute and read and write

5581771af000

page execute and read and write

7f25d5063000

page read and write

7ffef5b5e000

page execute read

7f25d5592000

page read and write

7f25cffff000

page read and write

7f25d4a73000

page read and write

7f25d51cf000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
na.elf