Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/co.elf

URLs

Name

Malicious

212.224.93.228:666

Details

Name:	212.224.93.228:666
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

212.224.93.228

unknown

Germany

Details

IP:	212.224.93.228
TargetID:	-1
Country:	Germany
Countrycode:	DEU
ASN number:	44066
ASN name:	DE-FIRSTCOLOwwwfirst-colonetDE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f78cc02c000

page execute read

7f78cc02c000

page execute read

7f78cc02c000

page execute read

7f78cc02c000

page execute read

55fb7dcfc000

page read and write

7f79d0d0f000

page read and write

7fff09ed5000

page read and write

7f79d0f9d000

page read and write

7f79cc021000

page read and write

7f79d0f7a000

page read and write

7f79d0113000

page read and write

7f79d091b000

page read and write

55fb7dcfc000

page read and write

7f79d14cc000

page read and write

7f79d1619000

page read and write

55fb7dcfc000

page read and write

7f79d09ad000

page read and write

55fb7bce7000

page read and write

7fff09f20000

page execute read

7f79d091b000

page read and write

7f79d12eb000

page read and write

7f79cbfff000

page read and write

7f79d09ad000

page read and write

7f79d0d0f000

page read and write

7f79d0113000

page read and write

55fb7ba8d000

page execute read

7f79d1109000

page read and write

7f79d0f9d000

page read and write

7f79d091b000

page read and write

7f79cbfff000

page read and write

7f79d1109000

page read and write

7f78cc03b000

page read and write

7f79d1109000

page read and write

55fb7dce5000

page execute and read and write

55fb7dce5000

page execute and read and write

55fb7e72b000

page read and write

55fb7dcfc000

page read and write

55fb7e72b000

page read and write

55fb7ba8d000

page execute read

7f79d0113000

page read and write

7f79cbfff000

page read and write

7f79d165e000

page read and write

7f78cc03b000

page read and write

7f78cc03b000

page read and write

7f79d165e000

page read and write

7f79d15f5000

page read and write

55fb7ba8d000

page execute read

7f79d12eb000

page read and write

7f79d0d0f000

page read and write

7f79d15f5000

page read and write

55fb7bce7000

page read and write

55fb7dce5000

page execute and read and write

7f79d15f5000

page read and write

7f78cc035000

page read and write

7f79d14cc000

page read and write

7fff09f20000

page execute read

7f79d1619000

page read and write

55fb7bce7000

page read and write

7f79cc021000

page read and write

7f79d1619000

page read and write

7f79d14cc000

page read and write

7f79d165e000

page read and write

7f78cc035000

page read and write

7f79cc021000

page read and write

7f79d12eb000

page read and write

55fb7e72b000

page read and write

7fff09ed5000

page read and write

7f79d0f7a000

page read and write

55fb7bcde000

page read and write

55fb7dce5000

page execute and read and write

7f78cc035000

page read and write

7fff09ed5000

page read and write

7f79d09ad000

page read and write

55fb7bce7000

page read and write

7f79d09ad000

page read and write

7f79cbfff000

page read and write

7f79d091b000

page read and write

7fff09ed5000

page read and write

55fb7e72b000

page read and write

7f78cc03c000

page read and write

55fb7bcde000

page read and write

7fff09f20000

page execute read

7f79d0f9d000

page read and write

7f79d0f7a000

page read and write

7f79d12eb000

page read and write

7fff09f20000

page execute read

55fb7bcde000

page read and write

55fb7bcde000

page read and write

7f78cc035000

page read and write

7f79d14cc000

page read and write

7f79d1619000

page read and write

7f79cc021000

page read and write

7f79d0f9d000

page read and write

7f79d15f5000

page read and write

7f78cc03b000

page read and write

55fb7ba8d000

page execute read

7f79d165e000

page read and write

7f79d0d0f000

page read and write

7f79d0f7a000

page read and write

7f79d0113000

page read and write

7f79d1109000

page read and write

There are 91 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
co.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportco.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
co.elf