Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

55c662c0f000

page read and write

7ffde9a23000

page read and write

7fdb68115000

page execute read

55c664c24000

page read and write

7fdbe8021000

page read and write

7fdbee0ca000

page read and write

7fdbeda4f000

page read and write

7ffde9bed000

page execute read

55c664c0d000

page execute and read and write

7fdbee117000

page read and write

7fdbecbe8000

page read and write

7fdbedfa1000

page read and write

7fdbed3f0000

page read and write

55c662c05000

page read and write

7fdbeda72000

page read and write

55c665959000

page read and write

7fdbeda8f000

page read and write

7fdbed3fe000

page read and write

7fdbe8000000

page read and write

7fdbeddc0000

page read and write

7fdbed6ae000

page read and write

7fdbee0d2000

page read and write

55c66297d000

page execute read

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf