IOC Report
205.185.120.123-skid.sh4-2024-07-27T10_33_38.elf

Processes

Path | Cmdline | Malicious
/tmp/205.185.120.123-skid.sh4-2024-07-27T10_33_38.elf | /tmp/205.185.120.123-skid.sh4-2024-07-27T10_33_38.elf | not flagged
/tmp/205.185.120.123-skid.sh4-2024-07-27T10_33_38.elf | - | not flagged
/bin/sh | sh -c "rm -rf bin/systemd && mkdir bin; >bin/systemd && mv /tmp/205.185.120.123-skid.sh4-2024-07-27T10_33_38.elf bin/systemd; chmod 777 bin/systemd" | not flagged
/bin/sh | - | not flagged
/usr/bin/rm | rm -rf bin/systemd | not flagged
/bin/sh | - | not flagged
/usr/bin/mkdir | mkdir bin | not flagged
/bin/sh | - | not flagged
/usr/bin/mv | mv /tmp/205.185.120.123-skid.sh4-2024-07-27T10_33_38.elf bin/systemd | not flagged
/bin/sh | - | not flagged
/usr/bin/chmod | chmod 777 bin/systemd | not flagged
/tmp/205.185.120.123-skid.sh4-2024-07-27T10_33_38.elf | - | not flagged
/tmp/205.185.120.123-skid.sh4-2024-07-27T10_33_38.elf | - | not flagged
/tmp/205.185.120.123-skid.sh4-2024-07-27T10_33_38.elf | - | not flagged
4 additional processes are not included in this extract.

Note: the sh -c command line shows the sample relocating itself. It deletes any existing bin/systemd, creates a bin directory relative to its working directory, creates or truncates bin/systemd with the >bin/systemd redirection, moves the dropped ELF from /tmp over it, and marks the result world-readable, -writable and -executable with chmod 777. The binary is named after systemd but lives under a relative bin/ path rather than /lib/systemd or /usr/lib/systemd, which is the discrepancy to look for when hunting on a host.
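The relocation sequence in the sh -c row is a recognisable pattern: a file dropped in /tmp is moved to a path whose basename is a trusted service and is then opened up with chmod 777. The following Python script, added here as an example and not part of the original report, splits such command lines into their simple commands and flags that pattern. The service names and staging directories beyond systemd and /tmp, and the two benign command lines in the sample input, are assumptions added for the demonstration.

```python
"""Flag process command lines that relocate a just-dropped binary under a
system-service name and loosen its permissions.  Added example, not code
from the original report; the service-name and staging-directory lists
beyond 'systemd' and '/tmp/' are assumptions."""
import shlex
from dataclasses import dataclass, field
from pathlib import PurePosixPath

SERVICE_NAMES = {"systemd", "sshd", "cron", "crond", "init", "udevd"}  # assumption
STAGING_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")                     # assumption
SEPARATORS = {";", "&&", "||", "|", "&"}
SHELLS = {"sh", "bash", "dash", "ash"}


@dataclass
class Finding:
    cmdline: str
    reasons: list[str] = field(default_factory=list)


def unwrap_shell(cmdline: str) -> str:
    """Return the script passed to `sh -c '...'`; other command lines pass through."""
    argv = shlex.split(cmdline)
    if len(argv) >= 3 and PurePosixPath(argv[0]).name in SHELLS and argv[1] == "-c":
        return argv[2]
    return cmdline


def simple_commands(script: str) -> list[tuple[list[str], list[str]]]:
    """Split a script on ; && || | & into (argv, redirect-target) pairs."""
    lexer = shlex.shlex(script, posix=True, punctuation_chars=True)
    commands, argv, redirects, after_redirect = [], [], [], False
    for tok in lexer:
        if tok in SEPARATORS:
            commands.append((argv, redirects))
            argv, redirects = [], []
        elif tok in {">", ">>"}:
            after_redirect = True          # next token is the redirect target
        elif after_redirect:
            redirects.append(tok)
            after_redirect = False
        else:
            argv.append(tok)
    commands.append((argv, redirects))
    return commands


def named_like_service(path: str) -> bool:
    return PurePosixPath(path).name in SERVICE_NAMES


def world_writable(mode: str) -> bool:
    """True for octal modes with the other-write bit, or symbolic forms adding it."""
    if mode.isdigit():
        return int(mode, 8) & 0o002 != 0
    return any(spec in mode for spec in ("o+w", "a+w"))


def analyse(cmdline: str) -> Finding:
    """Apply the relocation rules to one command line (shell wrapper unwrapped)."""
    finding = Finding(cmdline)
    for argv, redirects in simple_commands(unwrap_shell(cmdline)):
        for target in redirects:
            if named_like_service(target):
                finding.reasons.append(f"creates or truncates {target} by redirection")
        if not argv:
            continue
        prog = PurePosixPath(argv[0]).name
        if prog in {"mv", "cp"} and len(argv) >= 3:
            src, dst = argv[-2], argv[-1]
            if src.startswith(STAGING_DIRS) and named_like_service(dst):
                finding.reasons.append(f"{prog} {src} -> {dst}: staged file renamed to a service name")
        elif prog == "chmod":
            operands = [a for a in argv[1:] if not a.startswith("-")]
            if len(operands) >= 2:
                mode, targets = operands[0], operands[1:]
                if world_writable(mode) and any(named_like_service(t) for t in targets):
                    finding.reasons.append(f"chmod {mode} on {' '.join(targets)}: service-named file made world-writable")
    return finding


def scan(cmdlines) -> list[Finding]:
    """Return findings for every command line that matched at least one rule."""
    return [f for f in map(analyse, cmdlines) if f.reasons]


# Constructed input: the command lines from the process table plus two benign ones.
SAMPLE = "/tmp/205.185.120.123-skid.sh4-2024-07-27T10_33_38.elf"
SAMPLE_CMDLINES = [
    SAMPLE,
    f'sh -c "rm -rf bin/systemd && mkdir bin; >bin/systemd && mv {SAMPLE} bin/systemd; chmod 777 bin/systemd"',
    "rm -rf bin/systemd",
    "mkdir bin",
    f"mv {SAMPLE} bin/systemd",
    "chmod 777 bin/systemd",
    "mv /tmp/build.tar.gz /opt/app/releases/",   # benign, constructed
    "chmod 755 /usr/local/bin/myapp",             # benign, constructed
]

if __name__ == "__main__":
    for f in scan(SAMPLE_CMDLINES):
        print(f.cmdline)
        for reason in f.reasons:
            print("   ", reason)
```

Run against the report's own rows, the wrapper line produces three reasons (the redirection, the mv and the chmod), the standalone mv and chmod children one each, and the benign lines none. The rules are deliberately conjunctive (staging directory and service name, world-write bit and service name) so that ordinary deployments moving files out of /tmp do not fire.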

URLs

Name | IP | Malicious
http://schemas.xmlsoap.org/soap/encoding/ | unknown | not flagged
http://schemas.xmlsoap.org/soap/envelope/ | unknown | not flagged

Note: both entries are the standard SOAP 1.1 XML namespace URIs for the envelope and encoding schemas. They are identifiers that appear inside SOAP messages, not hosts the sample needs to reach, so their value here is as evidence of SOAP-formatted content in the sample or its traffic; schemas.xmlsoap.org does not belong on a block list.

Domains

Name | IP | Malicious
cnc.gay | 92.249.48.34 | not flagged

IPs

IP | Domain | Country | Malicious
41.234.96.255 | unknown | Egypt | malicious
41.183.96.183 | unknown | South Africa | malicious
41.68.96.161 | unknown | Egypt | malicious
197.226.240.41 | unknown | Mauritius | malicious
156.20.119.34 | unknown | United States | not flagged
156.133.93.225 | unknown | Luxembourg | not flagged
9.223.8.50 | unknown | United States | not flagged
197.128.56.90 | unknown | Morocco | not flagged
198.103.158.78 | unknown | Canada | not flagged
83.228.98.168 | unknown | Bulgaria | not flagged
41.195.197.46 | unknown | South Africa | not flagged
156.220.30.169 | unknown | Egypt | not flagged
68.161.243.145 | unknown | United States | not flagged
41.252.107.130 | unknown | Libyan Arab Jamahiriya | not flagged
124.13.161.188 | unknown | Malaysia | not flagged
41.3.198.130 | unknown | South Africa | not flagged
71.188.228.251 | unknown | United States | not flagged
41.42.142.153 | unknown | Egypt | not flagged
156.111.235.33 | unknown | United States | not flagged
188.111.69.4 | unknown | Germany | not flagged
197.141.53.52 | unknown | Algeria | not flagged
63.51.241.241 | unknown | United States | not flagged
151.6.129.222 | unknown | Italy | not flagged
156.157.72.101 | unknown | Tanzania United Republic of | not flagged
41.77.133.204 | unknown | Mozambique | not flagged
41.136.103.46 | unknown | Mauritius | not flagged
101.121.190.194 | unknown | China | not flagged
40.178.244.33 | unknown | United States | not flagged
156.177.147.132 | unknown | Egypt | not flagged
197.163.98.199 | unknown | Egypt | not flagged
123.26.155.0 | unknown | Viet Nam | not flagged
41.64.233.18 | unknown | Egypt | not flagged
41.201.35.234 | unknown | Algeria | not flagged
41.122.162.173 | unknown | South Africa | not flagged
156.158.196.203 | unknown | Tanzania United Republic of | not flagged
197.5.249.183 | unknown | Tunisia | not flagged
93.205.85.55 | unknown | Germany | not flagged
41.42.189.142 | unknown | Egypt | not flagged
205.104.205.25 | unknown | United States | not flagged
164.216.158.226 | unknown | United States | not flagged
197.33.36.98 | unknown | Egypt | not flagged
197.46.218.187 | unknown | Egypt | not flagged
41.138.189.37 | unknown | Nigeria | not flagged
71.175.217.121 | unknown | United States | not flagged
156.80.44.70 | unknown | United States | not flagged
78.9.199.80 | unknown | Poland | not flagged
197.73.132.132 | unknown | South Africa | not flagged
197.66.178.249 | unknown | South Africa | not flagged
156.56.161.32 | unknown | United States | not flagged
197.199.166.224 | unknown | Egypt | not flagged
41.216.51.157 | unknown | Benin | not flagged
197.70.186.122 | unknown | South Africa | not flagged
41.152.25.8 | unknown | Egypt | not flagged
156.158.49.71 | unknown | Tanzania United Republic of | not flagged
31.116.237.207 | unknown | United Kingdom | not flagged
197.109.134.79 | unknown | South Africa | not flagged
156.147.203.81 | unknown | Korea Republic of | not flagged
156.82.101.9 | unknown | United States | not flagged
197.51.152.187 | unknown | Egypt | not flagged
177.23.73.28 | unknown | Brazil | not flagged
156.177.147.156 | unknown | Egypt | not flagged
47.65.185.66 | unknown | United States | not flagged
119.11.209.186 | unknown | Indonesia | not flagged
156.118.112.80 | unknown | France | not flagged
156.3.38.235 | unknown | United States | not flagged
156.42.234.48 | unknown | United States | not flagged
41.157.117.190 | unknown | South Africa | not flagged
119.2.141.215 | unknown | China | not flagged
41.196.201.7 | unknown | Egypt | not flagged
41.143.128.30 | unknown | Morocco | not flagged
156.32.205.251 | unknown | United States | not flagged
14.197.171.123 | unknown | China | not flagged
41.219.142.92 | unknown | Nigeria | not flagged
197.8.143.233 | unknown | Tunisia | not flagged
156.68.234.135 | unknown | United States | not flagged
107.89.110.43 | unknown | United States | not flagged
41.102.102.228 | unknown | Algeria | not flagged
156.102.120.186 | unknown | United States | not flagged
197.223.200.125 | unknown | Egypt | not flagged
41.232.91.223 | unknown | Egypt | not flagged
156.238.223.130 | unknown | Seychelles | not flagged
41.228.193.51 | unknown | Tunisia | not flagged
156.177.147.172 | unknown | Egypt | not flagged
184.122.149.149 | unknown | United States | not flagged
197.75.233.73 | unknown | South Africa | not flagged
92.145.212.213 | unknown | France | not flagged
41.83.192.150 | unknown | Senegal | not flagged
41.3.47.166 | unknown | South Africa | not flagged
156.67.35.71 | unknown | United Kingdom | not flagged
41.138.165.60 | unknown | Nigeria | not flagged
41.113.13.21 | unknown | South Africa | not flagged
41.240.170.19 | unknown | Sudan | not flagged
41.154.124.188 | unknown | South Africa | not flagged
41.253.208.23 | unknown | Libyan Arab Jamahiriya | not flagged
53.18.116.98 | unknown | Germany | not flagged
41.186.146.45 | unknown | Rwanda | not flagged
156.99.254.147 | unknown | United States | not flagged
20.136.56.48 | unknown | United States | not flagged
41.195.174.129 | unknown | South Africa | not flagged
104.70.4.243 | unknown | United States | not flagged

90 additional IPs are not included in this extract.

Note: only the first four entries carry the sandbox's malicious flag. The remaining addresses were observed during the run without being scored, so treat them as lower-confidence indicators than the flagged four and the cnc.gay resolution above.
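To operationalise the network tables, the indicators should be tiered by the sandbox's own scoring rather than blocked wholesale, and the two SOAP namespace URLs should be kept out of any block list. The Python script below, added here as an example and not part of the original report, does that triage for the report's domain, its resolved IP, the four flagged IPs and a sample of four unflagged ones, then matches constructed DNS and flow log lines against them. The log line formats, timestamps, internal hosts and destination ports are assumptions made for the demonstration.

```python
"""Triage the report's network indicators into confidence tiers and match
them against DNS and flow logs.  Added example, not code from the original
report.  Indicator values are copied from the report's tables; the log lines,
their formats and ports are constructed for the demonstration."""
import ipaddress
import re
from urllib.parse import urlsplit

# Domains table: cnc.gay resolved to 92.249.48.34 during the run.
C2_DOMAIN = "cnc.gay"
C2_IP = "92.249.48.34"
# IPs table: the four entries the sandbox flagged as malicious ...
FLAGGED_IPS = {"41.234.96.255", "41.183.96.183", "41.68.96.161", "197.226.240.41"}
# ... and four of the contacted addresses it did not flag (lower confidence).
CONTACTED_IPS = {"156.20.119.34", "156.133.93.225", "9.223.8.50", "197.128.56.90"}
# URLs table: SOAP namespace URIs, which are XML identifiers rather than hosts.
REPORT_URLS = ["http://schemas.xmlsoap.org/soap/encoding/",
               "http://schemas.xmlsoap.org/soap/envelope/"]
NAMESPACE_HOSTS = {"schemas.xmlsoap.org", "www.w3.org"}   # never block these


def blockable_hosts(urls) -> set:
    """Hosts from the URL table worth blocking: everything except namespace hosts."""
    return {urlsplit(u).hostname for u in urls} - NAMESPACE_HOSTS


def tier_for_ip(ip: str):
    """Map an address to a confidence tier, or None if it is not an indicator."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    if not addr.is_global:             # RFC 1918, loopback, documentation ranges
        return None
    if ip == C2_IP:
        return "c2"
    if ip in FLAGGED_IPS:
        return "flagged"
    if ip in CONTACTED_IPS:
        return "contacted"
    return None


# Assumed log formats, one record per line.
DNS_RE = re.compile(r"^(?P<ts>\S+) dns client=(?P<client>\S+) q=(?P<qname>\S+) a=(?P<answer>\S+)$")
FLOW_RE = re.compile(r"^(?P<ts>\S+) flow (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")


def match_line(line: str):
    """Return a hit dict for a log line that touches an indicator, else None."""
    m = DNS_RE.match(line)
    if m:
        qname = m["qname"].rstrip(".").lower()
        if qname == C2_DOMAIN or qname.endswith("." + C2_DOMAIN):
            return {"ts": m["ts"], "host": m["client"], "tier": "c2", "indicator": qname}
        tier = tier_for_ip(m["answer"])   # an unlisted name resolving to a listed IP
        if tier:
            return {"ts": m["ts"], "host": m["client"], "tier": tier, "indicator": m["answer"]}
        return None
    m = FLOW_RE.match(line)
    if m:
        tier = tier_for_ip(m["dst"])
        if tier:
            return {"ts": m["ts"], "host": m["src"], "tier": tier,
                    "indicator": f"{m['dst']}:{m['dport']}"}
    return None


def match_logs(lines) -> list:
    """Hits in log order; lines that match nothing are dropped."""
    return [hit for hit in map(match_line, lines) if hit]


# Constructed log lines: internal hosts, timestamps and ports are invented.
SAMPLE_LOG = [
    "2024-07-27T11:02:10Z dns client=10.0.0.5 q=cnc.gay a=92.249.48.34",
    "2024-07-27T11:02:11Z flow 10.0.0.5:51512 -> 92.249.48.34:443",
    "2024-07-27T11:02:12Z flow 10.0.0.5:51513 -> 41.234.96.255:80",
    "2024-07-27T11:02:13Z flow 10.0.0.7:40210 -> 156.20.119.34:80",
    "2024-07-27T11:02:14Z dns client=10.0.0.5 q=schemas.xmlsoap.org a=203.0.113.9",
    "2024-07-27T11:02:15Z flow 10.0.0.5:51514 -> 198.51.100.1:53",
]

if __name__ == "__main__":
    for hit in match_logs(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['host']} -> {hit['indicator']} [{hit['tier']}]")
```

The namespace-host filter is what stops the two SOAP URLs from turning into false positives, and the is_global check keeps private or documentation addresses from ever matching even if one is pasted into an indicator set by mistake. A c2 hit on either the name or the resolved address warrants containment of the source host; a contacted hit is a pivot for further review rather than a verdict.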

Memdumps

Base Address | Protect | Malicious
7f81a8410000 | page execute read | malicious
7f822e545000 | page read and write | not flagged
7f822d6be000 | page read and write | not flagged
55e17c80a000 | page execute read | not flagged
55e180967000 | page read and write | not flagged
7f822e9c1000 | page read and write | not flagged
7f822decf000 | page read and write | not flagged
7f822e15e000 | page read and write | not flagged
7f822e9b9000 | page read and write | not flagged
7f822dec1000 | page read and write | not flagged
7f81a8423000 | page read and write | not flagged
7f822ea06000 | page read and write | not flagged
55e17ea26000 | page execute and read and write | not flagged
55e17ea3d000 | page read and write | not flagged
55e17ca20000 | page read and write | not flagged
7f822e890000 | page read and write | not flagged
7ffe00efc000 | page execute read | not flagged
7f8228000000 | page read and write | not flagged
7f822e520000 | page read and write | not flagged
7f81a8420000 | page read and write | not flagged
7ffe00ecb000 | page read and write | not flagged
55e17ca28000 | page read and write | not flagged
7f8228021000 | page read and write | not flagged

13 additional memdumps are not included in this extract.

Note: the Regiontype column is empty for every row in the source and is omitted here. The base addresses are 12-hex-digit, 64-bit user-space values (0x55e1..., 0x7f8..., 0x7ffe...), while the sample name's sh4 suffix denotes a 32-bit SuperH build, so these regions describe the process the sandbox ran the sample under rather than the sample's own 32-bit address space; do not use them as offsets into the ELF. The single region flagged malicious, 7f81a8410000, is execute-read, and 55e17ea26000 is the only region mapped execute, read and write at once. Whether that writable code page belongs to the sample or to the runtime it executed under cannot be decided from this table alone.