Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

URLs

Name

Malicious

93.123.85.167:77

Details

Name:	93.123.85.167:77
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

http://www.baidu.com/search/spider.html)

unknown

http://www.billybobbot.com/crawler/)

unknown

http://fast.no/support/crawler.asp)

unknown

http://feedback.redkolibri.com/

unknown

http://www.baidu.com/search/spider.htm)

unknown

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

IPs

Domain

Country

Malicious

93.123.85.167

unknown

Bulgaria

Details

IP:	93.123.85.167
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	43561
ASN name:	NET1-ASBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f4ab042a000

page execute read

7f4ab042a000

page execute read

7f4b3758f000

page read and write

555b307a3000

page read and write

7f4b30000000

page read and write

7f4b3756c000

page read and write

7f4b30000000

page read and write

7f4ab0444000

page read and write

7f4b36f1b000

page read and write

555b2d9f0000

page execute read

7f4ab043c000

page read and write

7ffea3d5f000

page read and write

7f4b375ac000

page read and write

7f4ab043c000

page read and write

7f4b36f1b000

page read and write

7f4b30021000

page read and write

7f4b3756c000

page read and write

7f4b3758f000

page read and write

7f4b375ac000

page read and write

7f4b37c34000

page read and write

7f4b30021000

page read and write

7f4b37bef000

page read and write

555b307a3000

page read and write

7f4b37bef000

page read and write

555b2fc80000

page execute and read and write

7f4b36705000

page read and write

7f4b371cb000

page read and write

555b2fc97000

page read and write

7f4b37abe000

page read and write

555b2dc82000

page read and write

555b2dc78000

page read and write

555b2fc80000

page execute and read and write

7f4b36705000

page read and write

7ffea3d78000

page execute read

7f4b378dd000

page read and write

555b2dc78000

page read and write

555b2fc97000

page read and write

555b2d9f0000

page execute read

7f4b36f0d000

page read and write

7f4b37abe000

page read and write

7ffea3d78000

page execute read

7f4ab0444000

page read and write

7ffea3d5f000

page read and write

7f4b36f0d000

page read and write

7f4b37be7000

page read and write

7f4b37be7000

page read and write

555b2dc82000

page read and write

7f4b371cb000

page read and write

7f4b37c34000

page read and write

7f4b378dd000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
na.elf