Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

Domains

Name

Malicious

nineteen.libre. [malformed]

unknown

IPs

Domain

Country

Malicious

38.60.249.66

unknown

United States

Details

IP:	38.60.249.66
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	174
ASN name:	COGENT-174US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

63.231.92.27

unknown

United States

Details

IP:	63.231.92.27
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	209
ASN name:	CENTURYLINK-US-LEGACY-QWESTUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

185.84.81.194

unknown

Germany

Details

IP:	185.84.81.194
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	8648
ASN name:	KAMP-DE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

161.97.219.84

unknown

United States

Details

IP:	161.97.219.84
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	393552
ASN name:	COL-LPCUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7faca0452000

page read and write

56131c28e000

page read and write

7fad2634c000

page read and write

56131a279000

page read and write

7fad27026000

page read and write

7fad269eb000

page read and write

7fad25b44000

page read and write

7fad20021000

page read and write

7ffdcfd30000

page read and write

7ffdcfd49000

page execute read

7fad2660a000

page read and write

7fad26d1c000

page read and write

7faca0411000

page execute read

56131c277000

page execute and read and write

7fad27073000

page read and write

7faca0459000

page read and write

56131a26f000

page read and write

7fad26efd000

page read and write

7fad269ab000

page read and write

7fad2635a000

page read and write

7fad269ce000

page read and write

561319fe7000

page execute read

7fad2702e000

page read and write

7fad20000000

page read and write

56131cae6000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf