Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

URLs

Name

Malicious

5.42.98.74:4258

Details

Name:	5.42.98.74:4258
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

http://www.baidu.com/search/spider.html)

unknown

http://www.billybobbot.com/crawler/)

unknown

http://fast.no/support/crawler.asp)

unknown

http://feedback.redkolibri.com/

unknown

http://www.baidu.com/search/spider.htm)

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

IPs

Domain

Country

Malicious

5.42.98.74

unknown

Russian Federation

Details

IP:	5.42.98.74
TargetID:	-1
Country:	Russian Federation
Countrycode:	RUS
ASN number:	39493
ASN name:	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f5ccc02e000

page execute read

7f5ccc02e000

page execute read

7f5dd2cd3000

page read and write

7f5dcc021000

page read and write

7f5dd1e49000

page read and write

7f5dd26e3000

page read and write

7f5dd2651000

page read and write

56343007e000

page read and write

7f5dd2e3f000

page read and write

56342e069000

page read and write

7f5dd2cd3000

page read and write

7f5dd3202000

page read and write

563430067000

page execute and read and write

7f5ccc036000

page read and write

56343007e000

page read and write

7ffd740db000

page read and write

56342de0f000

page execute read

7ffd740e0000

page execute read

56342e060000

page read and write

7f5dd332b000

page read and write

7f5dd2a45000

page read and write

7ffd740db000

page read and write

7f5dd3202000

page read and write

56342e060000

page read and write

563431e55000

page read and write

7f5dd2cb0000

page read and write

7ffd740e0000

page execute read

7f5dd2a45000

page read and write

7f5dd334f000

page read and write

563431e55000

page read and write

7f5dd1e49000

page read and write

7f5dd3394000

page read and write

7f5dd3394000

page read and write

7f5dd334f000

page read and write

7f5dd2cb0000

page read and write

563430067000

page execute and read and write

7f5dcbfff000

page read and write

7f5dd2e3f000

page read and write

56342e069000

page read and write

7f5dd3021000

page read and write

7f5ccc036000

page read and write

7f5dd332b000

page read and write

7f5dcc021000

page read and write

7f5ccc03e000

page read and write

7f5dd26e3000

page read and write

7f5ccc03e000

page read and write

7f5dd3021000

page read and write

7f5dd2651000

page read and write

56342de0f000

page execute read

7f5dcbfff000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
na.elf