Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.gWYdqRNfSr /tmp/tmp.zlfH7XbY54 /tmp/tmp.0IyubbBDRk

/usr/bin/dash

/usr/bin/rm

rm -f /tmp/tmp.gWYdqRNfSr /tmp/tmp.zlfH7XbY54 /tmp/tmp.0IyubbBDRk

/tmp/na.elf

Domains

Name

Malicious

75cents.libre

156.244.16.207

Details

Name:	75cents.libre
IP:	156.244.16.207
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

156.244.16.207

75cents.libre

Seychelles

Details

IP:	156.244.16.207
TargetID:	-1
Country:	Seychelles
Countrycode:	SYC
ASN number:	132839
ASN name:	POWERLINE-AS-APPOWERLINEDATACENTERHK
Private:	false
Domain:	75cents.libre

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

55e368258000

page read and write

7f2858024000

page execute read

7f2960f5c000

page read and write

7f2960980000

page read and write

55e368241000

page execute and read and write

7f285802c000

page read and write

7f2858033000

page read and write

7f295fd84000

page read and write

7f29612cf000

page read and write

55e366243000

page read and write

7fff100af000

page execute read

55e36623a000

page read and write

7f2960d7a000

page read and write

7f2958021000

page read and write

7f296113d000

page read and write

7f2961266000

page read and write

7f2957fff000

page read and write

7fff1002b000

page read and write

7f2960c0e000

page read and write

55e365fe9000

page execute read

7f296058c000

page read and write

7f296128a000

page read and write

7f2960beb000

page read and write

55e368683000

page read and write

7f296061e000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf