IOC Report
bot.arm6.elf

Processes

Path               Cmdline                                                             Malicious
/tmp/bot.arm6.elf  /tmp/bot.arm6.elf
/usr/bin/dash      -
/usr/bin/rm        rm -f /tmp/tmp.hVhzNPsxYG /tmp/tmp.2IFDXLR9iv /tmp/tmp.6GHCyYx14c
/usr/bin/dash      -
/usr/bin/cat       cat /tmp/tmp.hVhzNPsxYG
/usr/bin/dash      -
/usr/bin/head      head -n 10
/usr/bin/dash      -
/usr/bin/tr        tr -d \\000-\\011\\013\\014\\016-\\037
/usr/bin/dash      -
/usr/bin/cut       cut -c -80
/usr/bin/dash      -
/usr/bin/cat       cat /tmp/tmp.hVhzNPsxYG
/usr/bin/dash      -
/usr/bin/head      head -n 10
/usr/bin/dash      -
/usr/bin/tr        tr -d \\000-\\011\\013\\014\\016-\\037
/usr/bin/dash      -
/usr/bin/cut       cut -c -80
/usr/bin/dash      -
/usr/bin/rm        rm -f /tmp/tmp.hVhzNPsxYG /tmp/tmp.2IFDXLR9iv /tmp/tmp.6GHCyYx14c

Domains

Name              IP             Malicious
daisy.ubuntu.com  162.213.35.25

IPs

IP              Domain   Country         Malicious
54.171.230.55   unknown  United States
185.125.190.26  unknown  United Kingdom

Memdumps

Base Address
Regiontype
Protect
Malicious
7face4037000
page execute read
malicious
7fadeabba000
page read and write
5595b3b16000
page read and write
7fadeab96000
page read and write
7fade4021000
page read and write
7fadea53e000
page read and write
7fff74a69000
page read and write
5595b5b2b000
page read and write
5595b3b0d000
page read and write
7fadeabff000
page read and write
7fadea2b0000
page read and write
7fadea88c000
page read and write
7fff74a8f000
page execute read
7fadeaa6d000
page read and write
7fade96b4000
page read and write
7fade3fff000
page read and write
5595b5b14000
page execute and read and write
7face4043000
page read and write
5595b6ae1000
page read and write
7fade9ebc000
page read and write
7fade9f4e000
page read and write
7fadea6aa000
page read and write
7face4048000
page read and write
5595b38bc000
page execute read
7fadea51b000
page read and write