Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/cN7jzEkjeq.elf
|
/tmp/cN7jzEkjeq.elf
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/bin/sh
|
/bin/sh -c "rm -rf bin/busybox && mkdir bin; >bin/busybox && mv /tmp/cN7jzEkjeq.elf bin/busybox; chmod 777 \\xff\\xf0\\xfb\\xffbin/busybox\\xc8\\xfb\\xff\\xe8\\xfb\\xff\\xfc\\xff\\xb8\\xb0A"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/rm
|
rm -rf bin/busybox
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/mkdir
|
mkdir bin
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/mv
|
mv /tmp/cN7jzEkjeq.elf bin/busybox
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/chmod
|
chmod 777 \\xff\\xf0\\xfb\\xffbin/busybox\\xc8\\xfb\\xff\\xe8\\xfb\\xff\\xfc\\xff\\xb8\\xb0A
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
||
|
/tmp/cN7jzEkjeq.elf
|
-
|
There are 27 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://104.244.74.231/sora.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%27/&waninf=1_INTERNET_R_VID_154$
|
unknown
|
||
|
http://woshishabi.zzy.rip/x86
|
unknown
|
||
|
http://0.0.0.0/bins/sora.mips;
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://woshishabi.zzy.rip/wget.sh$
|
unknown
|
||
|
http://104.244.74.231/mips
|
unknown
|
||
|
http://104.244.74.231/x86
|
unknown
|
||
|
http://purenetworks.com/HNAP1/
|
unknown
|
||
|
http://104.244.74.231/jack5tr.selfrep.sh
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7fe4ac421000
|
page execute read
|
 |
||
|
7fe4ac421000
|
page execute read
|
|
||
|
7fe4ac421000
|
page execute read
|
|
||
|
55cc795dc000
|
page read and write
|
|||
|
7fe52c000000
|
page read and write
|
|||
|
7fe5347af000
|
page read and write
|
|||
|
7fe5352e6000
|
page read and write
|
|||
|
7fe535299000
|
page read and write
|
|||
|
7fe52c021000
|
page read and write
|
|||
|
55cc795dc000
|
page read and write
|
|||
|
7fe534e00000
|
page read and write
|
|||
|
7fe534e00000
|
page read and write
|
|||
|
55cc795c5000
|
page execute and read and write
|
|||
|
7fe5347af000
|
page read and write
|
|||
|
7fe4ac436000
|
page read and write
|
|||
|
7fe534e25000
|
page read and write
|
|||
|
7fe5347a1000
|
page read and write
|
|||
|
7fe4ac431000
|
page read and write
|
|||
|
7fe533f9e000
|
page read and write
|
|||
|
7ffdd7a66000
|
page read and write
|
|||
|
55cc775bf000
|
page read and write
|
|||
|
7fe533f9e000
|
page read and write
|
|||
|
7fe4ac452000
|
page read and write
|
|||
|
7ffdd7a86000
|
page execute read
|
|||
|
55cc775c7000
|
page read and write
|
|||
|
7fe5347a1000
|
page read and write
|
|||
|
55cc7a538000
|
page read and write
|
|||
|
7fe52c000000
|
page read and write
|
|||
|
55cc7a538000
|
page read and write
|
|||
|
7fe52c021000
|
page read and write
|
|||
|
7fe5352a1000
|
page read and write
|
|||
|
7fe535170000
|
page read and write
|
|||
|
7fe5347af000
|
page read and write
|
|||
|
7fe534e25000
|
page read and write
|
|||
|
7fe534a3e000
|
page read and write
|
|||
|
55cc795dc000
|
page read and write
|
|||
|
7fe4ac431000
|
page read and write
|
|||
|
7fe5352e6000
|
page read and write
|
|||
|
7fe5352a1000
|
page read and write
|
|||
|
7fe534a3e000
|
page read and write
|
|||
|
7ffdd7a66000
|
page read and write
|
|||
|
7fe533f9e000
|
page read and write
|
|||
|
7fe4ac436000
|
page read and write
|
|||
|
55cc775c7000
|
page read and write
|
|||
|
55cc795c5000
|
page execute and read and write
|
|||
|
7ffdd7a66000
|
page read and write
|
|||
|
7fe52c021000
|
page read and write
|
|||
|
7fe5352e6000
|
page read and write
|
|||
|
7fe5352a1000
|
page read and write
|
|||
|
7fe535170000
|
page read and write
|
|||
|
55cc773a9000
|
page execute read
|
|||
|
55cc775bf000
|
page read and write
|
|||
|
55cc775bf000
|
page read and write
|
|||
|
7fe535299000
|
page read and write
|
|||
|
7fe52c000000
|
page read and write
|
|||
|
7fe535299000
|
page read and write
|
|||
|
55cc773a9000
|
page execute read
|
|||
|
7fe535170000
|
page read and write
|
|||
|
55cc773a9000
|
page execute read
|
|||
|
7fe4ac431000
|
page read and write
|
|||
|
7fe4ac436000
|
page read and write
|
|||
|
7ffdd7a86000
|
page execute read
|
|||
|
7fe5347a1000
|
page read and write
|
|||
|
7fe534e00000
|
page read and write
|
|||
|
55cc775c7000
|
page read and write
|
|||
|
55cc7a538000
|
page read and write
|
|||
|
7fe534a3e000
|
page read and write
|
|||
|
7fe4ac44e000
|
page read and write
|
|||
|
7ffdd7a86000
|
page execute read
|
|||
|
55cc795c5000
|
page execute and read and write
|
|||
|
7fe534e25000
|
page read and write
|
There are 61 hidden memdumps, click here to show them.