IOC Report
splmips.elf

Files

File Path     Type                                                                                   Category        Malicious
splmips.elf   ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped   initial sample  malicious

Processes

Path              Cmdline           Malicious
/tmp/splmips.elf  /tmp/splmips.elf
/tmp/splmips.elf  -
/tmp/splmips.elf  -
/tmp/splmips.elf  -
/tmp/splmips.elf  -

URLs

Name             IP       Malicious
http:///wget.sh  unknown
http:///curl.sh  unknown

Domains

Name          IP            Malicious
netfags.geek  45.156.86.24  malicious

IPs

IP  Domain  Country  Malicious

Memdumps

Base Address  Region type  Protect  Malicious