Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/tarm7.elf

Domains

Name

Malicious

sandmen.geek

46.23.108.161

Details

Name:	sandmen.geek
IP:	46.23.108.161
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Sends malformed DNS queries	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

dingdingrouter.pirate

46.23.108.62

Details

Name:	dingdingrouter.pirate
IP:	46.23.108.62
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Connects to many ports of the same IP (likely port scanning)	Networking
Sample scans a subnet	Networking	Network Service Discovery
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

sliteyed.pirate

46.23.108.58

Details

Name:	sliteyed.pirate
IP:	46.23.108.58
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Sample scans a subnet	Networking	Network Service Discovery
Sends malformed DNS queries	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

sliteyed.pirate. [malformed]

unknown

sandmen.geek. [malformed]

unknown

repo.dyn. [malformed]

unknown

daisy.ubuntu.com

162.213.35.25

IPs

Domain

Country

Malicious

46.23.108.58

sliteyed.pirate

Azerbaijan

Details

IP:	46.23.108.58
TargetID:	-1
Country:	Azerbaijan
Countrycode:	AZE
ASN number:	15723
ASN name:	AZERONLINEAZ
Private:	false
Domain:	sliteyed.pirate

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Sample scans a subnet	Networking	Network Service Discovery
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

46.23.108.109

unknown

Azerbaijan

Details

IP:	46.23.108.109
TargetID:	-1
Country:	Azerbaijan
Countrycode:	AZE
ASN number:	15723
ASN name:	AZERONLINEAZ
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Sample scans a subnet	Networking	Network Service Discovery
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

46.23.108.62

dingdingrouter.pirate

Azerbaijan

Details

IP:	46.23.108.62
TargetID:	-1
Country:	Azerbaijan
Countrycode:	AZE
ASN number:	15723
ASN name:	AZERONLINEAZ
Private:	false
Domain:	dingdingrouter.pirate

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Connects to many ports of the same IP (likely port scanning)	Networking
Sample scans a subnet	Networking	Network Service Discovery
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

46.23.108.54

unknown

Azerbaijan

Details

IP:	46.23.108.54
TargetID:	-1
Country:	Azerbaijan
Countrycode:	AZE
ASN number:	15723
ASN name:	AZERONLINEAZ
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Sample scans a subnet	Networking	Network Service Discovery
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

46.23.108.64

unknown

Azerbaijan

Details

IP:	46.23.108.64
TargetID:	-1
Country:	Azerbaijan
Countrycode:	AZE
ASN number:	15723
ASN name:	AZERONLINEAZ
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Connects to many ports of the same IP (likely port scanning)	Networking
Sample scans a subnet	Networking	Network Service Discovery
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

46.23.108.55

unknown

Azerbaijan

Details

IP:	46.23.108.55
TargetID:	-1
Country:	Azerbaijan
Countrycode:	AZE
ASN number:	15723
ASN name:	AZERONLINEAZ
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Sample scans a subnet	Networking	Network Service Discovery
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

46.23.108.252

unknown

Azerbaijan

Details

IP:	46.23.108.252
TargetID:	-1
Country:	Azerbaijan
Countrycode:	AZE
ASN number:	15723
ASN name:	AZERONLINEAZ
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Sample scans a subnet	Networking	Network Service Discovery
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

46.23.108.159

unknown

Azerbaijan

Details

IP:	46.23.108.159
TargetID:	-1
Country:	Azerbaijan
Countrycode:	AZE
ASN number:	15723
ASN name:	AZERONLINEAZ
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Sample scans a subnet	Networking	Network Service Discovery
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

7f5046897000

page read and write

560730305000

page read and write

7f4f40036000

page read and write

7f50464a3000

page read and write

7f5046e73000

page read and write

7f503ffff000

page read and write

7f504717d000

page read and write

560730305000

page read and write

7f5046c91000

page read and write

7f5046535000

page read and write

7f4f4003e000

page read and write

56072d33e000

page read and write

7ffeb7d8d000

page read and write

7f50471a1000

page read and write

7f5046897000

page read and write

7f4f4003e000

page read and write

7f5046e73000

page read and write

7f4f4002e000

page execute read

56072f35c000

page read and write

7f5046535000

page read and write

7f50471e6000

page read and write

7f4f40036000

page read and write

56072d33e000

page read and write

56072d33e000

page read and write

56072f345000

page execute and read and write

7f504717d000

page read and write

7f5045c9b000

page read and write

7f50471a1000

page read and write

56072f345000

page execute and read and write

7f5046b25000

page read and write

7f5046e73000

page read and write

7f50464a3000

page read and write

7ffeb7d8d000

page read and write

7f5046c91000

page read and write

7ffeb7dd5000

page execute read

7f5046b02000

page read and write

56072d347000

page read and write

7f5040021000

page read and write

7f503ffff000

page read and write

7f50464a3000

page read and write

56072d347000

page read and write

7f5045c9b000

page read and write

56072f35c000

page read and write

56072f345000

page execute and read and write

56072d0ed000

page execute read

7f5046b25000

page read and write

7f504717d000

page read and write

7f5046b02000

page read and write

7f5040021000

page read and write

56072d0ed000

page execute read

7f5047054000

page read and write

56072f35c000

page read and write

7f5047054000

page read and write

7f5040021000

page read and write

7f50471a1000

page read and write

7f5047054000

page read and write

7f4f4002e000

page execute read

7f5046535000

page read and write

7ffeb7dd5000

page execute read

56072d347000

page read and write

56072d0ed000

page execute read

7f5046b25000

page read and write

7f5046897000

page read and write

7f5046b02000

page read and write

7f50471e6000

page read and write

7f5045c9b000

page read and write

7ffeb7d8d000

page read and write

7f50471e6000

page read and write

7f503ffff000

page read and write

560730305000

page read and write

7f4f4003e000

page read and write

7f4f4002e000

page execute read

7f4f40036000

page read and write

7ffeb7dd5000

page execute read

7f5046c91000

page read and write

There are 65 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
tarm7.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporttarm7.elf

Processes

Domains

IPs

Memdumps

IOC Report
tarm7.elf