Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/spc.elf

Domains

Name

Malicious

f.codingdrunk.

unknown

nineteen.libre. [malformed]

unknown

imaverygoodbadboy.libre. [malformed]

unknown

fortyfivehundred.dyn. [malformed]

unknown

f.codingdrunk. . [malformed]

unknown

ru.coziest.lol

unknown

www.codingdrunk.in. [malformed]

unknown

75cents.libre. [malformed]

unknown

2joints.libre. [malformed]

unknown

2joints.libre

unknown

eighteen.pirate

unknown

nineteen.libre

unknown

eighteen.pirate. [malformed]

unknown

www.codingdrunk.in

unknown

fortyfivehundred.dyn

unknown

21savage.dyn. [malformed]

unknown

ru.coziest.lol. [malformed]

unknown

imaverygoodbadboy.libre

unknown

There are 8 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7fe670c5d000

page read and write

7ffe07927000

page read and write

7fe671fa5000

page read and write

7fe56c022000

page execute read

7fe671460000

page read and write

7fe671f58000

page read and write

7fe56c039000

page read and write

55821af1e000

page read and write

7fe67146e000

page read and write

7fe671f60000

page read and write

7fe671ae4000

page read and write

7ffe079bb000

page execute read

55821ace7000

page execute read

55821d223000

page read and write

7fe56c032000

page read and write

7fe671e2f000

page read and write

7fe671abf000

page read and write

55821cf33000

page read and write

7fe66c000000

page read and write

7fe6716fd000

page read and write

55821af15000

page read and write

55821cf1c000

page execute and read and write

7fe66c021000

page read and write

There are 13 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
spc.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportspc.elf

Processes

Domains

IPs

Memdumps

IOC Report
spc.elf