Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/na.elf

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

IPs

Domain

Country

Malicious

185.125.190.26

unknown

United Kingdom

Details

IP:	185.125.190.26
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7ffe3ddd5000

page execute read

7f66155db000

page read and write

7f66155fe000

page read and write

55bad11b0000

page execute read

7f661500e000

page read and write

55bad140a000

page read and write

7f6615c56000

page read and write

55bad3409000

page execute and read and write

7f6614f7c000

page read and write

55bad341f000

page read and write

7f6614774000

page read and write

7f6610021000

page read and write

7f661576a000

page read and write

7f6615b2d000

page read and write

7f6615370000

page read and write

7f661594c000

page read and write

7ffe3dd6c000

page read and write

55bad1401000

page read and write

7f651002c000

page read and write

7f6615c7a000

page read and write

7f6615cbf000

page read and write

7f6510024000

page execute read

7f660ffff000

page read and write

55bad368e000

page read and write

There are 14 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
na.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportna.elf

Processes

Domains

IPs

Memdumps

IOC Report
na.elf