Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

/usr/lib/udisks2/udisksd

/usr/sbin/dumpe2fs

dumpe2fs -h /dev/dm-0

/usr/lib/udisks2/udisksd

/usr/sbin/dumpe2fs

dumpe2fs -h /dev/dm-0

/usr/lib/udisks2/udisksd

/usr/sbin/dumpe2fs

dumpe2fs -h /dev/dm-0

Domains

Name

Malicious

enemybotnet.com

93.123.39.105

Details

Name:	enemybotnet.com
IP:	93.123.39.105
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

93.123.39.105

enemybotnet.com

Bulgaria

Details

IP:	93.123.39.105
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	43561
ASN name:	NET1-ASBG
Private:	false
Domain:	enemybotnet.com

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

55dc4b5a7000

page read and write

7ffeadf6a000

page execute read

55dc49588000

page read and write

7f745c80c000

page read and write

7f745c2dd000

page read and write

7f745c80c000

page read and write

55dc4c3d3000

page read and write

7f73d4413000

page execute read

7f745bf19000

page read and write

7f745c93d000

page read and write

55dc49300000

page execute read

55dc4c3d3000

page read and write

55dc49588000

page read and write

7ffeadf2f000

page read and write

7f745c93d000

page read and write

7f745b453000

page read and write

7f745c2ba000

page read and write

7f73d4413000

page execute read

7f745bc5b000

page read and write

7f7454000000

page read and write

7f7454000000

page read and write

7f745c935000

page read and write

7f745bc5b000

page read and write

7f745c935000

page read and write

7f745c2dd000

page read and write

7f745bc69000

page read and write

7f745c982000

page read and write

55dc4b590000

page execute and read and write

7f7454021000

page read and write

7f745b453000

page read and write

55dc4b5a7000

page read and write

7f7454021000

page read and write

7f745c982000

page read and write

7ffeadf6a000

page execute read

7f73d4454000

page read and write

55dc49300000

page execute read

7f745bc69000

page read and write

7f73d4454000

page read and write

7f745c62b000

page read and write

7f745c62b000

page read and write

7f745bf19000

page read and write

55dc49592000

page read and write

7f745c2ba000

page read and write

55dc4b590000

page execute and read and write

7f745c2fa000

page read and write

7ffeadf2f000

page read and write

7f745c2fa000

page read and write

7f73d4457000

page read and write

7f73d4457000

page read and write

55dc49592000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf