Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/tftp.elf

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

5591ba323000

page read and write

7ffec3e5a000

page read and write

7f69f35a7000

page read and write

7f68ec088000

page read and write

5591b6ad9000

page read and write

7f69f333c000

page read and write

7f68ec07c000

page read and write

7f69f3918000

page read and write

5591b8af7000

page read and write

7f69f3736000

page read and write

5591b6888000

page execute read

7f69ec021000

page read and write

7f69f2fda000

page read and write

7f69f3c22000

page read and write

7ffec3e62000

page execute read

7f69f2740000

page read and write

7f69f2f48000

page read and write

5591b8ae1000

page execute and read and write

7f69f35ca000

page read and write

7f68ec072000

page execute read

7f69f3c8b000

page read and write

7f69f3af9000

page read and write

5591b6ae2000

page read and write

7f69f3c46000

page read and write

There are 14 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
tftp.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporttftp.elf

Processes

IPs

Memdumps

IOC Report
tftp.elf