IOC Report
na.elf


Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.dNKeMJUkpm /tmp/tmp.wYTgHWkUmy /tmp/tmp.sFbwEQ2ETz | |
| /usr/bin/dash | - | |
| /usr/bin/cat | cat /tmp/tmp.dNKeMJUkpm | |
| /usr/bin/dash | - | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | - | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | - | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | - | |
| /usr/bin/cat | cat /tmp/tmp.dNKeMJUkpm | |
| /usr/bin/dash | - | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | - | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | - | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.dNKeMJUkpm /tmp/tmp.wYTgHWkUmy /tmp/tmp.sFbwEQ2ETz | |
| /tmp/na.elf | /tmp/na.elf | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 109.202.202.202 | unknown | Switzerland | |
| 91.189.91.43 | unknown | United Kingdom | |
| 91.189.91.42 | unknown | United Kingdom | |

Memdumps

Base Address
Regiontype
Protect
Malicious
55fec28aa000
page execute and read and write
7f80be59c000
page read and write
55fec3104000
page read and write
7f80b8021000
page read and write
7f80b8000000
page read and write
7f80bf270000
page read and write
7ffde79ab000
page execute read
7f80bebed000
page read and write
7f80bdd86000
page read and write
55fec08a2000
page read and write
7f8038422000
page execute read
7f80bec2d000
page read and write
7f80384c3000
page read and write
55fec08ac000
page read and write
7f80bf268000
page read and write
7ffde782c000
page read and write
7f80bef5e000
page read and write
7f80be58e000
page read and write
55fec061a000
page execute read
7f80bf2b5000
page read and write
7f80bec10000
page read and write
7f80be84c000
page read and write
7f80bf13f000
page read and write
55fec28c1000
page read and write