Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.QUdWjiudxk /tmp/tmp.EmgGv0ygrp /tmp/tmp.x3ubNkrtf2

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.QUdWjiudxk /tmp/tmp.EmgGv0ygrp /tmp/tmp.x3ubNkrtf2

/tmp/na.elf

Domains

Name

Malicious

imaverygoodbadboy.libre

154.205.144.234

Details

Name:	imaverygoodbadboy.libre
IP:	154.205.144.234
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

nineteen.libre. [malformed]

unknown

75cents.libre. [malformed]

unknown

2joints.libre. [malformed]

unknown

r3racegame.indy

unknown

eighteen.pirate

unknown

kr2ddnsnet.dyn

unknown

IPs

Domain

Country

Malicious

154.205.144.234

imaverygoodbadboy.libre

Seychelles

Details

IP:	154.205.144.234
TargetID:	-1
Country:	Seychelles
Countrycode:	SYC
ASN number:	26484
ASN name:	IKGUL-26484US
Private:	false
Domain:	imaverygoodbadboy.libre

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

161.97.219.84

unknown

United States

Details

IP:	161.97.219.84
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	393552
ASN name:	COL-LPCUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f17ac02b000

page read and write

5639708e8000

page read and write

7f18b3231000

page read and write

7f17ac023000

page execute read

7f18abfff000

page read and write

56396c69a000

page execute read

56396c8eb000

page read and write

7f18b28e2000

page read and write

7f18b2b70000

page read and write

7fffb8de5000

page execute read

7f18b309f000

page read and write

56396e909000

page read and write

7f18b1ce6000

page read and write

7f18b2cdc000

page read and write

56396e8f2000

page execute and read and write

7f17ac032000

page read and write

7f18b31ec000

page read and write

56396c8f4000

page read and write

7f18b2580000

page read and write

7f18b2b4d000

page read and write

7fffb8d8b000

page read and write

7f18b24ee000

page read and write

7f18b2ebe000

page read and write

7f18ac021000

page read and write

7f18b31c8000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf