Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/arm.elf

Domains

Name

Malicious

193.84.71.119

unknown

Details

Name:	193.84.71.119
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

193.84.71.119

unknown

Poland

Details

IP:	193.84.71.119
TargetID:	-1
Country:	Poland
Countrycode:	POL
ASN number:	199478
ASN name:	RADIOCABLE-ASES
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

55fc349af000

page read and write

7ff565c45000

page read and write

55fc369cd000

page read and write

7ff565ab3000

page read and write

7ff46002d000

page read and write

55fc369cd000

page read and write

55fc3898b000

page read and write

7ff564f02000

page read and write

7ff565584000

page read and write

7ffcfacd8000

page read and write

7ff565ab3000

page read and write

7ff460024000

page execute read

7ff565561000

page read and write

7ff5656f0000

page read and write

7ff55ffff000

page read and write

7ff46002c000

page read and write

7ff565bdc000

page read and write

7ff564f02000

page read and write

7ff565561000

page read and write

7ffcfacd8000

page read and write

55fc3475e000

page execute read

55fc349af000

page read and write

7ff560021000

page read and write

7ff5658d2000

page read and write

7ff560021000

page read and write

7ff565c00000

page read and write

7ff564f94000

page read and write

55fc349af000

page read and write

7ff55ffff000

page read and write

7ff460024000

page execute read

55fc349b8000

page read and write

7ff565561000

page read and write

7ff46002c000

page read and write

7ff460024000

page execute read

7ff565c45000

page read and write

7ffcfad5c000

page execute read

7ff565ab3000

page read and write

7ff46002d000

page read and write

55fc3898b000

page read and write

7ff5658d2000

page read and write

7ff5652f6000

page read and write

55fc3475e000

page execute read

55fc3475e000

page execute read

55fc3898b000

page read and write

7ff565bdc000

page read and write

7ff5656f0000

page read and write

7ff46002d000

page read and write

7ff5658d2000

page read and write

7ff564f02000

page read and write

7ff5656f0000

page read and write

7ff565584000

page read and write

55fc369b6000

page execute and read and write

7ff564f94000

page read and write

7ff46002c000

page read and write

55fc349b8000

page read and write

55fc369cd000

page read and write

55fc369b6000

page execute and read and write

7ff565c00000

page read and write

7ffcfad5c000

page execute read

7ff560021000

page read and write

7ff565584000

page read and write

55fc369b6000

page execute and read and write

7ffcfacd8000

page read and write

55fc349b8000

page read and write

7ff5646fa000

page read and write

7ff5652f6000

page read and write

7ff5646fa000

page read and write

7ff5646fa000

page read and write

7ff565c45000

page read and write

7ff565bdc000

page read and write

7ff565c00000

page read and write

7ff5652f6000

page read and write

7ff564f94000

page read and write

7ffcfad5c000

page execute read

7ff55ffff000

page read and write

There are 65 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
arm.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportarm.elf

Processes

Domains

IPs

Memdumps

IOC Report
arm.elf