Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/tc2iriCZdi.elf

URLs

Name

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	16
From Memory:	true
Current Path:	/tmp/tc2iriCZdi.elf
Source:	tc2iriCZdi.elf

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

45.131.65.138

unknown

Germany

Details

IP:	45.131.65.138
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	47987
ASN name:	LOVESERVERSGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

413000

page execute read

1403000

page read and write

7ffe847d5000

page execute read

1404000

page read and write

7ffe847d5000

page execute read

413000

page execute read

1404000

page read and write

615000

page read and write

615000

page read and write

615000

page read and write

7ffe847d5000

page execute read

615000

page read and write

1403000

page read and write

7ffe847d5000

page execute read

7ffe8464a000

page read and write

7ffe8464a000

page read and write

7ffe8464a000

page read and write

7ffe8464a000

page read and write

413000

page execute read

413000

page execute read

There are 10 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
tc2iriCZdi.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporttc2iriCZdi.elf

Processes

URLs

IPs

Memdumps

IOC Report
tc2iriCZdi.elf