Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/86xklcDnGU.elf
|
/tmp/86xklcDnGU.elf
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/bin/sh
|
sh -c "rm -rf bin/busybox && mkdir bin; >bin/busybox && mv /tmp/86xklcDnGU.elf bin/busybox; chmod 777 bin/busybox"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/rm
|
rm -rf bin/busybox
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/mkdir
|
mkdir bin
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/mv
|
mv /tmp/86xklcDnGU.elf bin/busybox
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/chmod
|
chmod 777 bin/busybox
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
||
|
/tmp/86xklcDnGU.elf
|
-
|
There are 27 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://104.244.74.231/sora.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%27/&waninf=1_INTERNET_R_VID_154$
|
unknown
|
||
|
http://woshishabi.zzy.rip/x86
|
unknown
|
||
|
http://0.0.0.0/bins/sora.mips;
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://woshishabi.zzy.rip/wget.sh$
|
unknown
|
||
|
http://104.244.74.231/mips
|
unknown
|
||
|
http://104.244.74.231/x86
|
unknown
|
||
|
http://purenetworks.com/HNAP1/
|
unknown
|
||
|
http://104.244.74.231/jack5tr.selfrep.sh
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7fc040036000
|
page execute read
|
 |
||
|
7fc040036000
|
page execute read
|
|
||
|
7fc040036000
|
page execute read
|
|
||
|
556d0fc3d000
|
page read and write
|
|||
|
7fc040046000
|
page read and write
|
|||
|
7fc144ecd000
|
page read and write
|
|||
|
7fc1459b7000
|
page read and write
|
|||
|
7fc145a04000
|
page read and write
|
|||
|
7fc04004b000
|
page read and write
|
|||
|
7fff0482c000
|
page read and write
|
|||
|
556d0c2c2000
|
page read and write
|
|||
|
7fc14588e000
|
page read and write
|
|||
|
7fc140021000
|
page read and write
|
|||
|
7fc144ebf000
|
page read and write
|
|||
|
7fc1459b7000
|
page read and write
|
|||
|
7fc14551e000
|
page read and write
|
|||
|
7fc14515c000
|
page read and write
|
|||
|
7fff0489d000
|
page execute read
|
|||
|
556d0fc3d000
|
page read and write
|
|||
|
7fc144ebf000
|
page read and write
|
|||
|
556d0c2b9000
|
page read and write
|
|||
|
556d0e2c0000
|
page execute and read and write
|
|||
|
7fc140000000
|
page read and write
|
|||
|
7fc040046000
|
page read and write
|
|||
|
556d0c2c2000
|
page read and write
|
|||
|
7fc145543000
|
page read and write
|
|||
|
7fc145543000
|
page read and write
|
|||
|
7fc14588e000
|
page read and write
|
|||
|
7fc145a04000
|
page read and write
|
|||
|
7fff0489d000
|
page execute read
|
|||
|
7fc1459b7000
|
page read and write
|
|||
|
7fc144ecd000
|
page read and write
|
|||
|
556d0e2d7000
|
page read and write
|
|||
|
556d0c08b000
|
page execute read
|
|||
|
7fc1459bf000
|
page read and write
|
|||
|
556d0e2c0000
|
page execute and read and write
|
|||
|
7fc14515c000
|
page read and write
|
|||
|
7fc145a04000
|
page read and write
|
|||
|
7fc1459bf000
|
page read and write
|
|||
|
7fc040067000
|
page read and write
|
|||
|
7fff0489d000
|
page execute read
|
|||
|
7fc14588e000
|
page read and write
|
|||
|
556d0e2c0000
|
page execute and read and write
|
|||
|
556d0c08b000
|
page execute read
|
|||
|
7fc144ebf000
|
page read and write
|
|||
|
7fc14515c000
|
page read and write
|
|||
|
7fff0482c000
|
page read and write
|
|||
|
7fc14551e000
|
page read and write
|
|||
|
7fc1446bc000
|
page read and write
|
|||
|
7fc144ecd000
|
page read and write
|
|||
|
7fc140000000
|
page read and write
|
|||
|
556d0c2b9000
|
page read and write
|
|||
|
7fc14551e000
|
page read and write
|
|||
|
556d0fc3d000
|
page read and write
|
|||
|
556d0c2b9000
|
page read and write
|
|||
|
7fc140000000
|
page read and write
|
|||
|
7fc140021000
|
page read and write
|
|||
|
7fc1459bf000
|
page read and write
|
|||
|
556d0c2c2000
|
page read and write
|
|||
|
7fc140021000
|
page read and write
|
|||
|
7fc145543000
|
page read and write
|
|||
|
7fc040046000
|
page read and write
|
|||
|
7fc1446bc000
|
page read and write
|
|||
|
7fff0482c000
|
page read and write
|
|||
|
556d0e2d7000
|
page read and write
|
|||
|
7fc04004b000
|
page read and write
|
|||
|
7fc1446bc000
|
page read and write
|
|||
|
7fc040066000
|
page read and write
|
|||
|
7fc04004b000
|
page read and write
|
|||
|
556d0c08b000
|
page execute read
|
|||
|
556d0e2d7000
|
page read and write
|
There are 61 hidden memdumps, click here to show them.