IOC Report
c0r0n4x.x86.elf

Processes

Path

Cmdline

Malicious

/tmp/c0r0n4x.x86.elf

/tmp/c0r0n4x.x86.elf

URLs

Name

IP

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/c0r0n4x.x86.elf
Source:	c0r0n4x.x86.elf

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

Domains

Name

IP

Malicious

daisy.ubuntu.com

162.213.35.24

Memdumps

Base Address

Regiontype

Protect

Malicious

8057000

page read and write

8fd9000

page read and write

8056000

page execute read

Details

Name:	5508.1.0000000008048000.0000000008056000.r-x.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute read
Base address:	8056000
Size:	57344

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara signature match	System Summary

f7fd6000

page execute read

ffeeb000

page read and write