IOC Report
c0r0n4x.arm6.elf

Processes

Path

Cmdline

Malicious

/tmp/c0r0n4x.arm6.elf

/tmp/c0r0n4x.arm6.elf

URLs

Name

IP

Malicious

http://upx.sf.net

unknown

Details

Name:	http://upx.sf.net
TargetID:	12
From Memory:	true
Current Path:	/tmp/c0r0n4x.arm6.elf
Source:	c0r0n4x.arm6.elf

Signature Hits	Behavior Group	Mitre Attack
Sample is packed with UPX	Data Obfuscation	Obfuscated Files or Information
URLs found in memory or binary data	Networking

Domains

Name

IP

Malicious

daisy.ubuntu.com

162.213.35.24

Memdumps

Base Address

Regiontype

Protect

Malicious

7f30a67a8000

page read and write

7f30a65c6000

page read and write

7f30a0021000

page read and write

5635f7c6c000

page read and write

7ffc1d32b000

page read and write

7f2fa001f000

page execute read

7f30a55d0000

page read and write

7f309ffff000

page read and write

5635f6df0000

page execute and read and write

7f30a645a000

page read and write

5635f4de9000

page read and write

5635f4df2000

page read and write

7ffc1d3ac000

page execute read

7f2fa003c000

page read and write

7f30a6989000

page read and write

7f30a6b1b000

page read and write

7f30a6ad6000

page read and write

5635f4b98000

page execute read

7f309f7fe000

page read and write

7f30a5dd8000

page read and write

7f30a6437000

page read and write

7f30a6ab2000

page read and write

7f30a61cc000

page read and write

5635f6e07000

page read and write

7f30a5e6a000

page read and write

There are 15 hidden memdumps, click here to show them.