Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f5d484c3000

page read and write

7f5dcfa07000

page read and write

7f5dc8000000

page read and write

7f5dcf696000

page read and write

561a43c41000

page read and write

7f5dcf2f5000

page read and write

7f5dcf045000

page read and write

561a41508000

page read and write

561a41276000

page execute read

561a4351d000

page read and write

7f5d48422000

page execute read

7f5dcfd11000

page read and write

7f5dce82f000

page read and write

7f5dcfd5e000

page read and write

7f5dc8021000

page read and write

7ffdab849000

page read and write

7f5dcf037000

page read and write

561a414fe000

page read and write

7f5dcf6d6000

page read and write

561a43506000

page execute and read and write

7ffdab9cd000

page execute read

7f5dcfd19000

page read and write

7f5dcf6b9000

page read and write

7f5dcfbe8000

page read and write

There are 14 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf