Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/Mozi.m.elf

IPs

Domain

Country

Malicious

109.202.202.202

unknown

Switzerland

Details

IP:	109.202.202.202
TargetID:	-1
Country:	Switzerland
Countrycode:	CHE
ASN number:	13030
ASN name:	INIT7CH
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.43

unknown

United Kingdom

Details

IP:	91.189.91.43
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

91.189.91.42

unknown

United Kingdom

Details

IP:	91.189.91.42
TargetID:	-1
Country:	United Kingdom
Countrycode:	GBR
ASN number:	41231
ASN name:	CANONICAL-ASGB
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7faa1dbf8000

page read and write

7faa1e23b000

page read and write

7faa18021000

page read and write

7faa1dbb8000

page read and write

7faa1e280000

page read and write

7fa9984c3000

page read and write

7faa1dbdb000

page read and write

7faa1cd51000

page read and write

55c838b66000

page execute and read and write

7faa1df29000

page read and write

7fa998422000

page execute read

55c838b7d000

page read and write

7faa1d559000

page read and write

7faa1e10a000

page read and write

55c836b5e000

page read and write

55c836b68000

page read and write

7faa1d817000

page read and write

7ffe002fd000

page read and write

7faa18000000

page read and write

55c8396a0000

page read and write

7faa1e233000

page read and write

55c8368d6000

page execute read

7ffe003db000

page execute read

7faa1d567000

page read and write

There are 14 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Mozi.m.elf

Processes

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportMozi.m.elf

Processes

IPs

Memdumps

IOC Report
Mozi.m.elf