Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/WiT9fhQAMr.elf

Domains

Name

Malicious

drumev.eu

93.123.85.140

Details

Name:	drumev.eu
IP:	93.123.85.140
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

93.123.85.140

drumev.eu

Bulgaria

Details

IP:	93.123.85.140
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	43561
ASN name:	NET1-ASBG
Private:	false
Domain:	drumev.eu

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

7ffea98fa000

page read and write

7ffea99c8000

page execute read

7ffea98fa000

page read and write

610000

page read and write

60e000

page read and write

e28000

page read and write

40c000

page execute read

60e000

page read and write

610000

page read and write

610000

page read and write

e28000

page read and write

7ffea99c8000

page execute read

60e000

page read and write

7ffea98fa000

page read and write

e28000

page read and write

40c000

page execute read

40c000

page execute read

7ffea99c8000

page execute read

There are 8 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
WiT9fhQAMr.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportWiT9fhQAMr.elf

Processes

Domains

IPs

Memdumps

IOC Report
WiT9fhQAMr.elf