Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/l8XbwyLvrK.elf

URLs

Name

Malicious

162.240.239.101:666

Details

Name:	162.240.239.101:666
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

IPs

Domain

Country

Malicious

162.240.239.101

unknown

United States

Details

IP:	162.240.239.101
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	46606
ASN name:	UNIFIEDLAYER-AS-1US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f857833d000

page read and write

5558d99eb000

page read and write

7f85779ee000

page read and write

7f8570021000

page read and write

7ffdc2742000

page read and write

5558d99d4000

page execute and read and write

5558d79d6000

page read and write

7f85782d4000

page read and write

7f8577c59000

page read and write

5558d79cd000

page read and write

7ffdc278f000

page execute read

7f8470028000

page execute read

5558d99d4000

page execute and read and write

7f856ffff000

page read and write

7f85775fa000

page read and write

7f85779ee000

page read and write

7f857768c000

page read and write

7f85781ab000

page read and write

7f8570021000

page read and write

7f8577c7c000

page read and write

7ffdc278f000

page execute read

5558d99eb000

page read and write

7f8576df2000

page read and write

7f8577de8000

page read and write

7f856ffff000

page read and write

5558d79d6000

page read and write

7f8577fca000

page read and write

5558d777c000

page execute read

7f857833d000

page read and write

7f85781ab000

page read and write

7f857768c000

page read and write

7f8470031000

page read and write

7f8470037000

page read and write

7f8577fca000

page read and write

5558daf42000

page read and write

7f85775fa000

page read and write

7f85782f8000

page read and write

7f8470031000

page read and write

7f8577c7c000

page read and write

5558daf42000

page read and write

7f85782d4000

page read and write

7f8576df2000

page read and write

7f85782f8000

page read and write

7f8470028000

page execute read

5558d777c000

page execute read

7f8577de8000

page read and write

5558d79cd000

page read and write

7ffdc2742000

page read and write

7f8577c59000

page read and write

7f8470037000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
l8XbwyLvrK.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportl8XbwyLvrK.elf

Processes

URLs

IPs

Memdumps

IOC Report
l8XbwyLvrK.elf