Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

URLs

Name

Malicious

http://upx.sf.net

unknown

http://%s:%d/Mozi.a;sh$

unknown

http://%s:%d/Mozi.a;chmod

unknown

http://%s:%d/Mozi.m;/tmp/Mozi.m

unknown

http://schemas.xmlsoap.org/soap/encoding/

unknown

http://schemas.xmlsoap.org/soap/envelope//

unknown

http://%s:%d/Mozi.m

unknown

http://purenetworks.com/HNAP1/

unknown

http://%s:%d/Mozi.m;

unknown

http://%s:%d/Mozi.m;$

unknown

http://schemas.xmlsoap.org/soap/envelope/

unknown

There are 1 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7f7bcf14a000

page read and write

55c293a8d000

page read and write

7f7bc77ff000

page read and write

7f7bcf7d2000

page read and write

7f7bcf12d000

page read and write

55c295a95000

page execute and read and write

55c295aac000

page read and write

7f7bcf65c000

page read and write

7f7bc8000000

page read and write

7f7bcf10a000

page read and write

55c293a97000

page read and write

55c295e9d000

page read and write

7f7bce2a3000

page read and write

7f7bced69000

page read and write

7f7bcf785000

page read and write

55c293805000

page execute read

7f7bcf78d000

page read and write

7ffe4845c000

page read and write

7f7b484c3000

page read and write

7f7bcf47b000

page read and write

7f7bceab9000

page read and write

7f7b48422000

page execute read

7ffe484a2000

page execute read

7f7bceaab000

page read and write

7f7bc8021000

page read and write

There are 15 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

URLs

IPs

Memdumps

IOC Report
na.elf