Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

/usr/lib/udisks2/udisksd

/usr/sbin/dumpe2fs

dumpe2fs -h /dev/dm-0

Domains

Name

Malicious

enemybotnet.com

93.123.39.105

Details

Name:	enemybotnet.com
IP:	93.123.39.105
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

93.123.39.105

enemybotnet.com

Bulgaria

Details

IP:	93.123.39.105
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	43561
ASN name:	NET1-ASBG
Private:	false
Domain:	enemybotnet.com

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f18b35e1000

page read and write

7f18b3b33000

page read and write

7f18ac021000

page read and write

7f18b3952000

page read and write

7f18b3770000

page read and write

7f18b35e1000

page read and write

7f18b3014000

page read and write

7f18b2f82000

page read and write

557e1d38f000

page read and write

7ffdf3bf9000

page execute read

7f18b3014000

page read and write

7f18b3604000

page read and write

7f18b3376000

page read and write

7f17ac027000

page execute read

557e1f396000

page execute and read and write

7f17ac032000

page read and write

7f17ac02f000

page read and write

7f18b3952000

page read and write

557e1d398000

page read and write

7f18b277a000

page read and write

7f18b277a000

page read and write

7f18b3604000

page read and write

7f18b3770000

page read and write

7f17ac027000

page execute read

7f17ac032000

page read and write

7f18b3c80000

page read and write

7f18b3c80000

page read and write

7f18abfff000

page read and write

557e1f3ad000

page read and write

7f18ac021000

page read and write

7f17ac02f000

page read and write

7f18b2f82000

page read and write

7f18b3376000

page read and write

557e1d13e000

page execute read

7f18b3cc5000

page read and write

7f18abfff000

page read and write

557e1f3ad000

page read and write

7ffdf3bf5000

page read and write

7f18b3b33000

page read and write

7ffdf3bf5000

page read and write

7f18b3c5c000

page read and write

7f18b3cc5000

page read and write

7f18b3c5c000

page read and write

557e1f7ac000

page read and write

557e1d38f000

page read and write

557e1d398000

page read and write

7ffdf3bf9000

page execute read

557e1d13e000

page execute read

557e1f396000

page execute and read and write

557e1f7ac000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf