Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

Domains

Name

Malicious

nineteen.libre

38.60.249.66

Details

Name:	nineteen.libre
IP:	38.60.249.66
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

fortyfivehundred.dyn

154.90.62.142

Details

Name:	fortyfivehundred.dyn
IP:	154.90.62.142
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

kr3ddnsnet1.indy

154.223.21.228

Details

Name:	kr3ddnsnet1.indy
IP:	154.223.21.228
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

subcarrace.indy

154.223.21.228

Details

Name:	subcarrace.indy
IP:	154.223.21.228
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

eighteen.pirate. [malformed]

unknown

krddnsnet.dyn. [malformed]

unknown

subcarrace.indy. [malformed]

unknown

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

154.90.62.142

fortyfivehundred.dyn

Seychelles

Details

IP:	154.90.62.142
TargetID:	-1
Country:	Seychelles
Countrycode:	SYC
ASN number:	40065
ASN name:	CNSERVERSUS
Private:	false
Domain:	fortyfivehundred.dyn

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

154.223.21.228

kr3ddnsnet1.indy

Seychelles

Details

IP:	154.223.21.228
TargetID:	-1
Country:	Seychelles
Countrycode:	SYC
ASN number:	134705
ASN name:	ITACE-AS-APItaceInternationalLimitedHK
Private:	false
Domain:	kr3ddnsnet1.indy

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

38.60.249.66

nineteen.libre

United States

Details

IP:	38.60.249.66
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	174
ASN name:	COGENT-174US
Private:	false
Domain:	nineteen.libre

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

162.243.19.47

unknown

United States

Details

IP:	162.243.19.47
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	14061
ASN name:	DIGITALOCEAN-ASNUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

63.231.92.27

unknown

United States

Details

IP:	63.231.92.27
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	209
ASN name:	CENTURYLINK-US-LEGACY-QWESTUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

161.97.219.84

unknown

United States

Details

IP:	161.97.219.84
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	393552
ASN name:	COL-LPCUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7ff17c026000

page execute read

7ff282803000

page read and write

7ff282950000

page read and write

7ff27c021000

page read and write

55db275ed000

page read and write

7ff27bfff000

page read and write

55db2739c000

page execute read

7ff28144a000

page read and write

7ff17c02e000

page read and write

7ff282046000

page read and write

7ff2822d4000

page read and write

7fff15123000

page read and write

7ff281c52000

page read and write

55db2a4b9000

page read and write

7fff1514f000

page execute read

55db295f4000

page execute and read and write

7ff282995000

page read and write

7ff28292c000

page read and write

7ff282622000

page read and write

55db2960b000

page read and write

7ff281ce4000

page read and write

7ff17c036000

page read and write

55db275f6000

page read and write

7ff282440000

page read and write

7ff2822b1000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf