Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/bot.x86_64.elf

Domains

Name

Malicious

testprodad.duckdns.org

185.7.78.88

Details

Name:	testprodad.duckdns.org
IP:	185.7.78.88
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Connects to many ports of the same IP (likely port scanning)	Networking
Uses dynamic DNS services	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

185.7.78.88

testprodad.duckdns.org

Netherlands

Details

IP:	185.7.78.88
TargetID:	-1
Country:	Netherlands
Countrycode:	NLD
ASN number:	43350
ASN name:	NFORCENL
Private:	false
Domain:	testprodad.duckdns.org

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Memdumps

Base Address

Regiontype

Protect

Malicious

419000

page execute read

Details

Name:	5486.1.0000000000400000.0000000000419000.r-x.sdmp
TargetID:	12
Dumpstage:	process exit
Protect:	page execute read
Base address:	419000
Size:	102400

Signature Hits	Behavior Group	Mitre Attack
Malicious sample detected (through community Yara rule)	System Summary
Yara detected Gafgyt	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Mirai	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Mirai	Stealing of Sensitive Information, Remote Access Functionality
Yara detected Okiru	Stealing of Sensitive Information, Remote Access Functionality
Yara signature match	System Summary

7ffc63ff9000

page read and write

adb000

page read and write

522000

page read and write

52a000

page read and write

7ffc63ffd000

page execute read

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
bot.x86_64.elf

Processes

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportbot.x86_64.elf

Processes

Domains

IPs

Memdumps

IOC Report
bot.x86_64.elf