Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

/usr/lib/systemd/systemd

/usr/lib/snapd/snap-failure

/usr/lib/snapd/snap-failure snapd

/usr/lib/snapd/snap-failure

/usr/bin/systemctl

systemctl stop snapd.socket

/usr/lib/snapd/snap-failure

Domains

Name

Malicious

nineteen.libre

38.60.249.66

r3racegame.indy

154.223.21.228

eighteen.pirate

38.60.249.66

kr3ddnsnet1.indy

154.223.21.228

kr2ddnsnet.dyn

154.90.62.142

imaverygoodbadboy.libre

154.205.144.234

subcarrace.indy

154.223.21.228

nineteen.libre. [malformed]

unknown

imaverygoodbadboy.libre. [malformed]

unknown

fortyfivehundred.dyn. [malformed]

unknown

kr3ddnsnet1.indy. [malformed]

unknown

75cents.libre. [malformed]

unknown

2joints.libre. [malformed]

unknown

kr2ddnsnet.dyn. [malformed]

unknown

r3racegame.indy. [malformed]

unknown

fortyfivehundred.dyn

unknown

krddnsnet.dyn. [malformed]

unknown

21savage.dyn. [malformed]

unknown

daisy.ubuntu.com

162.213.35.24

There are 9 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

154.205.144.234

imaverygoodbadboy.libre

Seychelles

Details

IP:	154.205.144.234
TargetID:	-1
Country:	Seychelles
Countrycode:	SYC
ASN number:	26484
ASN name:	IKGUL-26484US
Private:	false
Domain:	imaverygoodbadboy.libre

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

154.90.62.142

kr2ddnsnet.dyn

Seychelles

Details

IP:	154.90.62.142
TargetID:	-1
Country:	Seychelles
Countrycode:	SYC
ASN number:	40065
ASN name:	CNSERVERSUS
Private:	false
Domain:	kr2ddnsnet.dyn

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

154.223.21.228

r3racegame.indy

Seychelles

Details

IP:	154.223.21.228
TargetID:	-1
Country:	Seychelles
Countrycode:	SYC
ASN number:	134705
ASN name:	ITACE-AS-APItaceInternationalLimitedHK
Private:	false
Domain:	r3racegame.indy

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

38.60.249.66

nineteen.libre

United States

Details

IP:	38.60.249.66
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	174
ASN name:	COGENT-174US
Private:	false
Domain:	nineteen.libre

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

7fe318031000

page read and write

7fe41e777000

page read and write

7fe417fff000

page read and write

7fe41eca6000

page read and write

55c98f11e000

page execute read

7fe41e4e9000

page read and write

7ffc4ce37000

page read and write

7fe41d8ed000

page read and write

7fe41e187000

page read and write

7fe318029000

page execute read

7fe41edcf000

page read and write

7fe41ee38000

page read and write

55c99138d000

page read and write

7fe41e0f5000

page read and write

7fe31803a000

page read and write

55c98f378000

page read and write

55c992500000

page read and write

7fe41eac5000

page read and write

7fe41edf3000

page read and write

7fe41e8e3000

page read and write

7fe418021000

page read and write

7ffc4ced4000

page execute read

55c991376000

page execute and read and write

55c98f36f000

page read and write

7fe41e754000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf