Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/harm4.elf

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.24

kingstonwikkerink.dyn

31.13.248.89

Details

Name:	kingstonwikkerink.dyn
IP:	31.13.248.89
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

185.82.200.181

unknown

Netherlands

Details

IP:	185.82.200.181
TargetID:	-1
Country:	Netherlands
Countrycode:	NLD
ASN number:	60117
ASN name:	HSAE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

213.182.204.57

unknown

Latvia

Details

IP:	213.182.204.57
TargetID:	-1
Country:	Latvia
Countrycode:	LVA
ASN number:	9009
ASN name:	M247GB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

195.133.92.51

unknown

Russian Federation

Details

IP:	195.133.92.51
TargetID:	-1
Country:	Russian Federation
Countrycode:	RUS
ASN number:	197695
ASN name:	AS-REGRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

193.233.193.45

unknown

Russian Federation

Details

IP:	193.233.193.45
TargetID:	-1
Country:	Russian Federation
Countrycode:	RUS
ASN number:	2895
ASN name:	FREE-NET-ASFREEnetEU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

81.29.149.178

unknown

Switzerland

Details

IP:	81.29.149.178
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	39616
ASN name:	COMUNICA_IT_SERVICESCH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

91.149.238.18

unknown

Poland

Details

IP:	91.149.238.18
TargetID:	-1
Country:	Poland
Countrycode:	POL
ASN number:	41952
ASN name:	MARTON-ASPL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

91.149.218.232

unknown

Poland

Details

IP:	91.149.218.232
TargetID:	-1
Country:	Poland
Countrycode:	POL
ASN number:	198401
ASN name:	GECKONET-ASPL
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

31.13.248.89

kingstonwikkerink.dyn

Bulgaria

Details

IP:	31.13.248.89
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	34224
ASN name:	NETERRA-ASBG
Private:	false
Domain:	kingstonwikkerink.dyn

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

86.107.100.80

unknown

Romania

Details

IP:	86.107.100.80
TargetID:	-1
Country:	Romania
Countrycode:	ROU
ASN number:	38995
ASN name:	AMG-ASRO
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

5612188a7000

page read and write

7fff4fbb9000

page execute read

561217d75000

page read and write

7fc0c0029000

page execute read

7fc1c6390000

page read and write

7fc0c0038000

page read and write

7fc1c5a86000

page read and write

7fc1c5724000

page read and write

7fc1c5e80000

page read and write

7fff4fb1b000

page read and write

5612188a7000

page read and write

561215d60000

page read and write

561215d57000

page read and write

561217d5e000

page execute and read and write

7fc1c636c000

page read and write

7fc1c5e80000

page read and write

7fc0c0032000

page read and write

7fc1c5e80000

page read and write

7fc1c63d5000

page read and write

7fc0c0029000

page execute read

7fc1c4e8a000

page read and write

7fc1c5e80000

page read and write

7fc1c6062000

page read and write

561215b06000

page execute read

561217d5e000

page execute and read and write

561215b06000

page execute read

7fc1c5cf1000

page read and write

561217d75000

page read and write

5612188a7000

page read and write

7fc1c0021000

page read and write

561215b06000

page execute read

7fc0c0029000

page execute read

7fff4fb1b000

page read and write

7fc1bffff000

page read and write

7fff4fbb9000

page execute read

7fc1bffff000

page read and write

7fc1c6390000

page read and write

7fc1c5d14000

page read and write

7fc1c63d5000

page read and write

7fc1c4e8a000

page read and write

7fc1c6243000

page read and write

7fc1c6243000

page read and write

7fc1c5d14000

page read and write

7fc0c003a000

page read and write

7fc1c5cf1000

page read and write

561215d57000

page read and write

7fc1c4e8a000

page read and write

7fc0c0032000

page read and write

7fc0c0032000

page read and write

561217d75000

page read and write

7fc1c5724000

page read and write

561217d75000

page read and write

561217d5e000

page execute and read and write

7fc1c636c000

page read and write

561215d60000

page read and write

7fc1c5a86000

page read and write

7fc1bffff000

page read and write

7fc1c6243000

page read and write

561215d57000

page read and write

561215d57000

page read and write

7fc0c0038000

page read and write

7fc1c5d14000

page read and write

561217d5e000

page execute and read and write

7fc1c63d5000

page read and write

7fc1c5cf1000

page read and write

7fc1c4e8a000

page read and write

7fc1c5692000

page read and write

7fc1c5724000

page read and write

7fc1c63d5000

page read and write

7fc1c0021000

page read and write

561215d60000

page read and write

561215d60000

page read and write

5612188a7000

page read and write

7fc1c5692000

page read and write

7fff4fb1b000

page read and write

7fff4fbb9000

page execute read

7fc0c0032000

page read and write

7fc0c0038000

page read and write

7fc1c6062000

page read and write

7fc1c6390000

page read and write

7fc1c6062000

page read and write

7fc1c6062000

page read and write

7fc1c5a86000

page read and write

7fc1c5a86000

page read and write

7fc1c636c000

page read and write

7fc1c5d14000

page read and write

7fc0c0038000

page read and write

7fff4fbb9000

page execute read

7fc1c6390000

page read and write

7fc1c5692000

page read and write

7fc1c5cf1000

page read and write

7fc1c636c000

page read and write

561215b06000

page execute read

7fc0c0029000

page execute read

7fc1c6243000

page read and write

7fc1bffff000

page read and write

7fc1c0021000

page read and write

7fff4fb1b000

page read and write

7fc1c5724000

page read and write

7fc1c5692000

page read and write

7fc1c0021000

page read and write

There are 91 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
harm4.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportharm4.elf

Processes

Domains

IPs

Memdumps

IOC Report
harm4.elf