Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

/usr/lib/udisks2/udisksd

/usr/sbin/dumpe2fs

dumpe2fs -h /dev/dm-0

Domains

Name

Malicious

enemybotnet.com

93.123.39.105

Details

Name:	enemybotnet.com
IP:	93.123.39.105
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

93.123.39.105

enemybotnet.com

Bulgaria

Details

IP:	93.123.39.105
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	43561
ASN name:	NET1-ASBG
Private:	false
Domain:	enemybotnet.com

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

55cc2b7d4000

page read and write

7f73dc1ef000

page read and write

7f73db705000

page read and write

55cc2b7d4000

page read and write

7f72e4020000

page read and write

7f73d4021000

page read and write

7ffda11c4000

page execute read

7f73dc0c6000

page read and write

55cc27cf8000

page read and write

55cc27cf0000

page read and write

7ffda11c4000

page execute read

55cc27a6d000

page execute read

7f73d4021000

page read and write

7f73db6f7000

page read and write

55cc29d0c000

page read and write

55cc27cf8000

page read and write

7f73dc23c000

page read and write

7f72e4023000

page read and write

7f72e4020000

page read and write

7f73dbd56000

page read and write

55cc27cf0000

page read and write

7f72e4010000

page execute read

7ffda10de000

page read and write

7f73daef4000

page read and write

7f73d4000000

page read and write

55cc29cf6000

page execute and read and write

7f73dc0c6000

page read and write

55cc29d0c000

page read and write

7f73dc1f7000

page read and write

7f73dc23c000

page read and write

7f72e4010000

page execute read

7f72e4023000

page read and write

7ffda10de000

page read and write

7f73dc1ef000

page read and write

55cc29cf6000

page execute and read and write

7f73db994000

page read and write

7f73dbd7b000

page read and write

55cc27a6d000

page execute read

7f73daef4000

page read and write

7f73d4000000

page read and write

7f73dbd7b000

page read and write

7f73db705000

page read and write

7f73dc1f7000

page read and write

7f73dbd56000

page read and write

7f73db6f7000

page read and write

7f73db994000

page read and write

There are 36 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf