IOC Report
lIIKVQc5cj.elf

Processes

Path | Cmdline | Malicious
/tmp/lIIKVQc5cj.elf | /tmp/lIIKVQc5cj.elf |
/usr/bin/dash | - |
/usr/bin/rm | rm -f /tmp/tmp.NFTAlYjTat /tmp/tmp.CawU0L4Sll /tmp/tmp.ZbPifuRcZD |
/usr/bin/dash | - |
/usr/bin/cat | cat /tmp/tmp.NFTAlYjTat |
/usr/bin/dash | - |
/usr/bin/head | head -n 10 |
/usr/bin/dash | - |
/usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 |
/usr/bin/dash | - |
/usr/bin/cut | cut -c -80 |
/usr/bin/dash | - |
/usr/bin/cat | cat /tmp/tmp.NFTAlYjTat |
/usr/bin/dash | - |
/usr/bin/head | head -n 10 |
/usr/bin/dash | - |
/usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 |
/usr/bin/dash | - |
/usr/bin/cut | cut -c -80 |
/usr/bin/dash | - |
/usr/bin/rm | rm -f /tmp/tmp.NFTAlYjTat /tmp/tmp.CawU0L4Sll /tmp/tmp.ZbPifuRcZD |

Domains

Name | IP | Malicious
daisy.ubuntu.com | 162.213.35.25 |

IPs

IP | Domain | Country | Malicious
185.125.190.26 | unknown | United Kingdom |
34.254.182.186 | unknown | United States |

Memdumps
