Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

Domains

Name

Malicious

iranistrash.libre

unknown

IPs

Domain

Country

Malicious

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

5.230.122.80

unknown

Germany

Details

IP:	5.230.122.80
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	12586
ASN name:	ASGHOSTNETDE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

172.217.192.127

unknown

United States

Details

IP:	172.217.192.127
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fbbbcf88000

page read and write

7fbbbcf90000

page read and write

7fbbbcaef000

page read and write

7fbac4012000

page read and write

7fbbbcfd5000

page read and write

7fbbb4000000

page read and write

7fbbbce5f000

page read and write

7ffd2a44e000

page read and write

55d69ff2f000

page read and write

55d6a1f2d000

page execute and read and write

7fbbb4021000

page read and write

55d69fca4000

page execute read

7fbbbcb14000

page read and write

7fbbbbc8d000

page read and write

55d6a2fbe000

page read and write

7fbbbc49e000

page read and write

7fbbbc490000

page read and write

7fbac4013000

page read and write

7fbac4011000

page execute read

7ffd2a49c000

page execute read

55d6a1f43000

page read and write

55d69ff27000

page read and write

7fbbbc72d000

page read and write

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf