Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/tmp/pXdN91.armv4l.elf

URLs

Name

Malicious

154.213.187.14:13387

Details

Name:	154.213.187.14:13387
TargetID:	0
From Memory:	false
Source:	config extractor

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Suricata IDS alerts with low severity for network traffic	Networking

Domains

Name

Malicious

daisy.ubuntu.com

162.213.35.25

Details

Name:	daisy.ubuntu.com
IP:	162.213.35.25
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

154.213.187.14

unknown

Seychelles

Details

IP:	154.213.187.14
TargetID:	-1
Country:	Seychelles
Countrycode:	SYC
ASN number:	22769
ASN name:	DDOSING-BGP-NETWORKUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Suricata IDS alerts for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Suricata IDS alerts with low severity for network traffic	Networking
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

7efd4402d000

page execute read

7efd4402d000

page execute read

7efe4ab2d000

page read and write

7efe4aa9b000

page read and write

7efe43fff000

page read and write

5588e76a6000

page read and write

7efe4ae8f000

page read and write

7efd4403c000

page read and write

7efe4b11d000

page read and write

7efe44021000

page read and write

7efe4b289000

page read and write

5588e96ad000

page execute and read and write

7efe4b7de000

page read and write

5588e7455000

page execute read

7efe4b11d000

page read and write

5588e96c4000

page read and write

5588e96ad000

page execute and read and write

7efe4b46b000

page read and write

7efe4b64c000

page read and write

5588e9c22000

page read and write

7efe4ae8f000

page read and write

7efd44036000

page read and write

5588e7455000

page execute read

7efd4403c000

page read and write

5588e9c22000

page read and write

7efe4b0fa000

page read and write

5588e76af000

page read and write

7efe4a293000

page read and write

7efe4ab2d000

page read and write

5588e96c4000

page read and write

5588e76a6000

page read and write

7efe4aa9b000

page read and write

7efe4b799000

page read and write

7fffe77e9000

page read and write

7efe4b0fa000

page read and write

7fffe77e9000

page read and write

7efe44021000

page read and write

7efe4b799000

page read and write

5588e76af000

page read and write

7efe4b46b000

page read and write

7efe4b289000

page read and write

7efe4a293000

page read and write

7efe43fff000

page read and write

7fffe7800000

page execute read

7efe4b64c000

page read and write

7fffe7800000

page execute read

7efe4b775000

page read and write

7efe4b775000

page read and write

7efe4b7de000

page read and write

7efd44036000

page read and write

There are 40 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
pXdN91.armv4l.elf

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportpXdN91.armv4l.elf

Processes

URLs

Domains

IPs

Memdumps

IOC Report
pXdN91.armv4l.elf