Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/fNR6GoKo15.elf

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/fNR6GoKo15.elf
Source:	fNR6GoKo15.elf

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

http://185.196.10.215/bins/mips;

unknown

http://schemas.xmlsoap.org/soap/encoding/

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7efd0802d000

page execute read

7efd0802d000

page execute read

55bdd3cea000

page read and write

7ffd27773000

page execute read

7ffd27773000

page execute read

55bdd1ccc000

page read and write

7efe10ba3000

page read and write

55bdd46b0000

page read and write

7efe10bc7000

page read and write

7ffd27669000

page read and write

7efe0fec9000

page read and write

7efe0fec9000

page read and write

7efe102bd000

page read and write

7efe10a7a000

page read and write

55bdd1cd5000

page read and write

7efe10899000

page read and write

7efe10528000

page read and write

7efe0ff5b000

page read and write

7efe10528000

page read and write

7efe0f6c1000

page read and write

7efe106b7000

page read and write

7ffd27669000

page read and write

7efd0803a000

page read and write

55bdd1cd5000

page read and write

55bdd3cd3000

page execute and read and write

7efe106b7000

page read and write

55bdd1a7b000

page execute read

7efe0ff5b000

page read and write

7efe10c0c000

page read and write

7efe1054b000

page read and write

7efe07fff000

page read and write

55bdd1ccc000

page read and write

55bdd46d3000

page read and write

7efe10899000

page read and write

7efe0f6c1000

page read and write

55bdd1a7b000

page execute read

7efe07fff000

page read and write

7efe08021000

page read and write

7efd0803a000

page read and write

55bdd3cd3000

page execute and read and write

7efe10c0c000

page read and write

7efe08021000

page read and write

7efe102bd000

page read and write

7efe10bc7000

page read and write

7efe10a7a000

page read and write

7efe10ba3000

page read and write

7efe1054b000

page read and write

55bdd3cea000

page read and write

There are 38 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
fNR6GoKo15.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportfNR6GoKo15.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
fNR6GoKo15.elf