Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

URLs

Name

Malicious

93.123.85.167:77

Details

Name:	93.123.85.167:77
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

http://www.baidu.com/search/spider.html)

unknown

http://www.billybobbot.com/crawler/)

unknown

http://fast.no/support/crawler.asp)

unknown

http://feedback.redkolibri.com/

unknown

http://www.baidu.com/search/spider.htm)

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

93.123.85.167

unknown

Bulgaria

Details

IP:	93.123.85.167
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	43561
ASN name:	NET1-ASBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f040403b000

page execute read

7f040403b000

page execute read

7f050a740000

page read and write

7f050ad1c000

page read and write

7f050b04a000

page read and write

7f050a34c000

page read and write

7f050b026000

page read and write

7ffe2dff2000

page execute read

556356ffa000

page read and write

7f0504021000

page read and write

7f050a3de000

page read and write

7f050aefd000

page read and write

7f050aefd000

page read and write

556356fe3000

page execute and read and write

7f050a9ab000

page read and write

556356ffa000

page read and write

556354fe5000

page read and write

7f0503fff000

page read and write

7f050a3de000

page read and write

7f0503fff000

page read and write

7f050a9ce000

page read and write

7ffe2dedf000

page read and write

7f050b04a000

page read and write

7f0504021000

page read and write

7f050b08f000

page read and write

7f050ad1c000

page read and write

7f040404b000

page read and write

7f0404043000

page read and write

556354d8b000

page execute read

7f0509b44000

page read and write

556354fdc000

page read and write

7ffe2dff2000

page execute read

556358e47000

page read and write

556354fdc000

page read and write

7ffe2dedf000

page read and write

7f040404b000

page read and write

7f050a740000

page read and write

556356fe3000

page execute and read and write

556354fe5000

page read and write

7f0509b44000

page read and write

7f050a34c000

page read and write

556354d8b000

page execute read

7f050ab3a000

page read and write

7f050ab3a000

page read and write

7f050b08f000

page read and write

7f050b026000

page read and write

7f0404043000

page read and write

7f050a9ab000

page read and write

556358e47000

page read and write

7f050a9ce000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
na.elf