Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/.i.elf

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fb2a859e000

page read and write

7ffeb61af000

page execute read

7ffeb61a2000

page read and write

7fb2a0000000

page read and write

7fb2a857b000

page read and write

7fb2a81da000

page read and write

55feea76a000

page read and write

7fb2a7f1c000

page read and write

7fb2a0021000

page read and write

55feea4e2000

page execute read

55feea774000

page read and write

7fb2a7f2a000

page read and write

7fb2a7714000

page read and write

55feec789000

page read and write

7fb2a8bf6000

page read and write

7fb2a8acd000

page read and write

7fb2a88ec000

page read and write

7fb2a8bfe000

page read and write

7fb220115000

page execute read

55feee29c000

page read and write

7fb2a8c43000

page read and write

7fb2a85bb000

page read and write

55feec772000

page execute and read and write

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
.i.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report.i.elf

Processes

IPs

Memdumps

IOC Report
.i.elf