IOC Report
.i.elf

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.3OVjAdqooj /tmp/tmp.XKVC8J1skC /tmp/tmp.y0Xee5IprZ | |
| /usr/bin/dash | - | |
| /usr/bin/cat | cat /tmp/tmp.3OVjAdqooj | |
| /usr/bin/dash | - | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | - | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | - | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | - | |
| /usr/bin/cat | cat /tmp/tmp.3OVjAdqooj | |
| /usr/bin/dash | - | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | - | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | - | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.3OVjAdqooj /tmp/tmp.XKVC8J1skC /tmp/tmp.y0Xee5IprZ | |
| /tmp/.i.elf | /tmp/.i.elf | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 109.202.202.202 | unknown | Switzerland | |
| 91.189.91.43 | unknown | United Kingdom | |
| 91.189.91.42 | unknown | United Kingdom | |

Memdumps

Base Address | Regiontype | Protect | Malicious