Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

/usr/lib/udisks2/udisksd

/usr/sbin/dumpe2fs

dumpe2fs -h /dev/dm-0

Domains

Name

Malicious

akamaisus.dyn

unknown

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f91f8000000

page read and write

7f91fe8ea000

page read and write

55e3003e2000

page execute read

7f91f8000000

page read and write

7f917841e000

page read and write

7f91fecac000

page read and write

55e302615000

page read and write

7f91ff145000

page read and write

7f91fde4a000

page read and write

7f91fe65b000

page read and write

7f91fe64d000

page read and write

7f91ff01c000

page read and write

55e302615000

page read and write

55e300600000

page read and write

55e303758000

page read and write

55e3003e2000

page execute read

55e3025fe000

page execute and read and write

7f91ff14d000

page read and write

7fff7c5c6000

page execute read

55e300600000

page read and write

55e3005f8000

page read and write

7f91ff192000

page read and write

7f917840e000

page execute read

7f917841e000

page read and write

55e3025fe000

page execute and read and write

7f91ff192000

page read and write

7f91f8021000

page read and write

55e3005f8000

page read and write

7f91fe8ea000

page read and write

7f91fde4a000

page read and write

7f91ff14d000

page read and write

7f91ff01c000

page read and write

7f91fe65b000

page read and write

7fff7c577000

page read and write

7f917840e000

page execute read

7f9178421000

page read and write

7f91fecd1000

page read and write

7f91fe64d000

page read and write

7f91f8021000

page read and write

7fff7c577000

page read and write

7f91fecd1000

page read and write

55e303758000

page read and write

7f9178421000

page read and write

7f91ff145000

page read and write

7fff7c5c6000

page execute read

7f91fecac000

page read and write

There are 36 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf