Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

Domains

Name

Malicious

jsgd.us-tv.top

205.185.120.246

Details

Name:	jsgd.us-tv.top
IP:	205.185.120.246
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

205.185.120.246

jsgd.us-tv.top

United States

Details

IP:	205.185.120.246
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	53667
ASN name:	PONYNETUS
Private:	false
Domain:	jsgd.us-tv.top

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f98d002b000

page execute read

7f98d002b000

page execute read

558efc248000

page execute read

7f98d0033000

page read and write

7f99d8312000

page read and write

7f99d8312000

page read and write

7f99d0021000

page read and write

558efe4b7000

page read and write

7f99d82cd000

page read and write

7fff34fcb000

page execute read

7f99d7661000

page read and write

7f99d79c3000

page read and write

7f99d7c2e000

page read and write

7f99d7dbd000

page read and write

7f99d0021000

page read and write

7f99d6dc7000

page read and write

7f99d82cd000

page read and write

558efe4a0000

page execute and read and write

7f99d75cf000

page read and write

7f98d0033000

page read and write

558efe4a0000

page execute and read and write

7f98d0038000

page read and write

7fff34f85000

page read and write

558efc499000

page read and write

7f99d82a9000

page read and write

7f99cffff000

page read and write

7f99d7c2e000

page read and write

7f99d8180000

page read and write

7f99d7f9f000

page read and write

7f99d7c51000

page read and write

558efc4a2000

page read and write

7f99d7c51000

page read and write

7f99cffff000

page read and write

558f00116000

page read and write

558f000f5000

page read and write

7f98d0038000

page read and write

7fff34f85000

page read and write

558efc499000

page read and write

558efc248000

page execute read

7f99d8180000

page read and write

7f99d7dbd000

page read and write

7f99d6dc7000

page read and write

7fff34fcb000

page execute read

558efc4a2000

page read and write

558efe4b7000

page read and write

7f99d79c3000

page read and write

7f99d82a9000

page read and write

7f99d7661000

page read and write

7f99d7f9f000

page read and write

7f99d75cf000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf