Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/harm5.elf

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

kingstonwikkerink.dyn

213.182.204.57

Details

Name:	kingstonwikkerink.dyn
IP:	213.182.204.57
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

86.107.100.80

unknown

Romania

Details

IP:	86.107.100.80
TargetID:	-1
Country:	Romania
Countrycode:	ROU
ASN number:	38995
ASN name:	AMG-ASRO
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

185.82.200.181

unknown

Netherlands

Details

IP:	185.82.200.181
TargetID:	-1
Country:	Netherlands
Countrycode:	NLD
ASN number:	60117
ASN name:	HSAE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

213.182.204.57

kingstonwikkerink.dyn

Latvia

Details

IP:	213.182.204.57
TargetID:	-1
Country:	Latvia
Countrycode:	LVA
ASN number:	9009
ASN name:	M247GB
Private:	false
Domain:	kingstonwikkerink.dyn

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

193.233.193.45

unknown

Russian Federation

Details

IP:	193.233.193.45
TargetID:	-1
Country:	Russian Federation
Countrycode:	RUS
ASN number:	2895
ASN name:	FREE-NET-ASFREEnetEU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

31.13.248.89

unknown

Bulgaria

Details

IP:	31.13.248.89
TargetID:	-1
Country:	Bulgaria
Countrycode:	BGR
ASN number:	34224
ASN name:	NETERRA-ASBG
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

7f0bd8dd5000

page read and write

7f0bd95dd000

page read and write

7f0ad4031000

page read and write

55f9bee87000

page read and write

7f0bd3fff000

page read and write

7f0bda2db000

page read and write

7f0bda320000

page read and write

55f9c1e97000

page read and write

55f9bec2d000

page execute read

7f0bda320000

page read and write

7f0bd99d1000

page read and write

55f9bee7e000

page read and write

7f0bda18e000

page read and write

7f0bd4021000

page read and write

55f9c0e85000

page execute and read and write

7f0bda18e000

page read and write

7f0ad4037000

page read and write

7f0ad4037000

page read and write

7f0bd3fff000

page read and write

7f0bd99d1000

page read and write

7f0bd966f000

page read and write

7f0ad4031000

page read and write

7f0bd8dd5000

page read and write

7f0bd9c3c000

page read and write

7f0ad4028000

page execute read

7f0bd95dd000

page read and write

55f9bee87000

page read and write

55f9c0e85000

page execute and read and write

7ffeb9528000

page read and write

7f0bd8dd5000

page read and write

7f0bda2b7000

page read and write

7f0bda2db000

page read and write

7f0ad4028000

page execute read

7f0bda2b7000

page read and write

7f0bda18e000

page read and write

55f9c0e9c000

page read and write

7f0ad4028000

page execute read

7f0ad4031000

page read and write

7f0bd9fad000

page read and write

7ffeb959d000

page execute read

7f0bd9dcb000

page read and write

7f0bd9fad000

page read and write

7f0bd9c5f000

page read and write

55f9c1e97000

page read and write

7f0bd9c3c000

page read and write

7f0bd95dd000

page read and write

7f0bda320000

page read and write

7f0bd99d1000

page read and write

7f0bd966f000

page read and write

7ffeb9528000

page read and write

7f0bd4021000

page read and write

7f0bd9dcb000

page read and write

55f9bec2d000

page execute read

55f9c0e9c000

page read and write

55f9c1e97000

page read and write

55f9bee7e000

page read and write

7f0bd9c3c000

page read and write

7f0bd9fad000

page read and write

7ffeb959d000

page execute read

7f0bd9c5f000

page read and write

7f0bda2db000

page read and write

7f0bd4021000

page read and write

7ffeb9528000

page read and write

55f9bec2d000

page execute read

7f0bd9c5f000

page read and write

7f0bd3fff000

page read and write

55f9bee7e000

page read and write

7f0bd966f000

page read and write

7f0bda2b7000

page read and write

7ffeb959d000

page execute read

7f0bd9dcb000

page read and write

55f9c0e9c000

page read and write

55f9c0e85000

page execute and read and write

55f9bee87000

page read and write

7f0ad4037000

page read and write

There are 65 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
harm5.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportharm5.elf

Processes

Domains

IPs

Memdumps

IOC Report
harm5.elf