Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

5622c3eb1000

page read and write

5622c2c27000

page execute and read and write

7f01b7e3a000

page read and write

5622c0997000

page execute read

7f01b834c000

page read and write

7f01b8475000

page read and write

7f01b0021000

page read and write

7f01b7e1d000

page read and write

7f01b816b000

page read and write

5622c0c29000

page read and write

7ffe0786e000

page read and write

7f01b847d000

page read and write

7f01b7dfa000

page read and write

7ffe07936000

page execute read

7f01b77a9000

page read and write

7f01b84c2000

page read and write

5622c2c3e000

page read and write

5622c0c1f000

page read and write

7f01b6f93000

page read and write

7f0130115000

page execute read

7f01b7a59000

page read and write

7f01b779b000

page read and write

7f01b0000000

page read and write

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf