Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

URLs

Name

Malicious

93.123.85.167:77

Details

Name:	93.123.85.167:77
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

http://www.baidu.com/search/spider.html)

unknown

http://www.billybobbot.com/crawler/)

unknown

http://fast.no/support/crawler.asp)

unknown

http://feedback.redkolibri.com/

unknown

http://www.baidu.com/search/spider.htm)

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

93.123.85.167

unknown

Bulgaria

Details

IP:	93.123.85.167
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	43561
ASN name:	NET1-ASBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fe514037000

page execute read

7fe514037000

page execute read

7fe61ac3e000

page read and write

55a8f9553000

page read and write

7fe61a72e000

page read and write

55a8f9553000

page read and write

55a8fb55a000

page execute and read and write

7fe61a59f000

page read and write

55a8f9302000

page execute read

7fe61a72e000

page read and write

55a8fbc1f000

page read and write

7fe61a334000

page read and write

55a8fb55a000

page execute and read and write

7fe51403e000

page read and write

7fe614021000

page read and write

7fe514038000

page read and write

7fe61ac1a000

page read and write

7fe61a5c2000

page read and write

7fe619f40000

page read and write

7fe514038000

page read and write

7fe61ac3e000

page read and write

7fe51403e000

page read and write

7fe61ac1a000

page read and write

7fe61a334000

page read and write

7fe613fff000

page read and write

55a8f9302000

page execute read

7fe61a910000

page read and write

7fe619738000

page read and write

7ffeedd80000

page read and write

55a8f955c000

page read and write

55a8fb571000

page read and write

7fe61aaf1000

page read and write

55a8f955c000

page read and write

7ffeedd80000

page read and write

7fe61ac83000

page read and write

7fe61ac83000

page read and write

55a8fb571000

page read and write

7ffeedd9f000

page execute read

7fe619fd2000

page read and write

7fe619738000

page read and write

7ffeedd9f000

page execute read

7fe619fd2000

page read and write

7fe61aaf1000

page read and write

55a8fbc1f000

page read and write

7fe614021000

page read and write

7fe61a910000

page read and write

7fe61a5c2000

page read and write

7fe613fff000

page read and write

7fe61a59f000

page read and write

7fe619f40000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
na.elf