IOC Report
nabmpsl.elf


Files

File Path | Type | Category | Malicious
nabmpsl.elf | ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped | initial sample | malicious
/tmp/qemu-open.0IVNR0 (deleted) | ASCII text | dropped | -
/tmp/qemu-open.0KTfNY (deleted) | ASCII text | dropped | -
/tmp/qemu-open.2H3RMZ (deleted) | ASCII text | dropped | -
/tmp/qemu-open.2OWc1Z (deleted) | ASCII text | dropped | -
/tmp/qemu-open.2zjjvX (deleted) | ASCII text | dropped | -
/tmp/qemu-open.33t3wW (deleted) | ASCII text | dropped | -
/tmp/qemu-open.4BOJ6Y (deleted) | ASCII text | dropped | -
/tmp/qemu-open.5BkDcX (deleted) | ASCII text | dropped | -
/tmp/qemu-open.7lEkBY (deleted) | ASCII text | dropped | -
/tmp/qemu-open.80KQKY (deleted) | ASCII text | dropped | -
/tmp/qemu-open.8FU0IY (deleted) | ASCII text | dropped | -
/tmp/qemu-open.8tNG6Y (deleted) | ASCII text | dropped | -
/tmp/qemu-open.9C4cFW (deleted) | ASCII text | dropped | -
/tmp/qemu-open.9c4n7Y (deleted) | ASCII text | dropped | -
/tmp/qemu-open.A20I2Y (deleted) | ASCII text | dropped | -
/tmp/qemu-open.AMoUE0 (deleted) | ASCII text | dropped | -
/tmp/qemu-open.CGZbLZ (deleted) | ASCII text | dropped | -
/tmp/qemu-open.DlE4QY (deleted) | ASCII text | dropped | -
/tmp/qemu-open.F6Ghf0 (deleted) | ASCII text | dropped | -
/tmp/qemu-open.GPeRQY (deleted) | ASCII text | dropped | -
/tmp/qemu-open.IeubVZ (deleted) | ASCII text | dropped | -
/tmp/qemu-open.IzEUu0 (deleted) | ASCII text | dropped | -
/tmp/qemu-open.JRcmDX (deleted) | ASCII text | dropped | -
/tmp/qemu-open.JycoH0 (deleted) | ASCII text | dropped | -
/tmp/qemu-open.KDYgz0 (deleted) | ASCII text | dropped | -
/tmp/qemu-open.Kcn70Z (deleted) | ASCII text | dropped | -
/tmp/qemu-open.Lok0d0 (deleted) | ASCII text | dropped | -
/tmp/qemu-open.MUpSu0 (deleted) | ASCII text | dropped | -
/tmp/qemu-open.MvIh7Z (deleted) | ASCII text | dropped | -
/tmp/qemu-open.PapBnW (deleted) | ASCII text | dropped | -
/tmp/qemu-open.Pxk6RY (deleted) | ASCII text | dropped | -
/tmp/qemu-open.QVyv0W (deleted) | ASCII text | dropped | -
/tmp/qemu-open.TgoT8Z (deleted) | ASCII text | dropped | -
/tmp/qemu-open.TrsmmX (deleted) | ASCII text | dropped | -
/tmp/qemu-open.UkXOYX (deleted) | ASCII text | dropped | -
/tmp/qemu-open.Vbtju0 (deleted) | ASCII text | dropped | -
/tmp/qemu-open.W9kol0 (deleted) | ASCII text | dropped | -
/tmp/qemu-open.Wwz9RX (deleted) | ASCII text | dropped | -
/tmp/qemu-open.Z4heGY (deleted) | ASCII text | dropped | -
/tmp/qemu-open.ZNhf4X (deleted) | ASCII text | dropped | -
/tmp/qemu-open.ZuTBZX (deleted) | ASCII text | dropped | -
/tmp/qemu-open.aQY4O0 (deleted) | ASCII text | dropped | -
/tmp/qemu-open.akdPeZ (deleted) | ASCII text | dropped | -
/tmp/qemu-open.b3QUxW (deleted) | ASCII text | dropped | -
/tmp/qemu-open.e6fmeY (deleted) | ASCII text | dropped | -
/tmp/qemu-open.ehCvDZ (deleted) | ASCII text | dropped | -
/tmp/qemu-open.fOZljW (deleted) | ASCII text | dropped | -
/tmp/qemu-open.fioxIX (deleted) | ASCII text | dropped | -
/tmp/qemu-open.g2UhD0 (deleted) | ASCII text | dropped | -
/tmp/qemu-open.g8B1oZ (deleted) | ASCII text | dropped | -
/tmp/qemu-open.gmhiCY (deleted) | ASCII text | dropped | -
/tmp/qemu-open.h3fgzW (deleted) | ASCII text | dropped | -
/tmp/qemu-open.hAhhRX (deleted) | ASCII text | dropped | -
/tmp/qemu-open.i2UjBX (deleted) | ASCII text | dropped | -
/tmp/qemu-open.lBObLY (deleted) | ASCII text | dropped | -
/tmp/qemu-open.lhJNRW (deleted) | ASCII text | dropped | -
/tmp/qemu-open.nX2H2Z (deleted) | ASCII text | dropped | -
/tmp/qemu-open.penHOY (deleted) | ASCII text | dropped | -
/tmp/qemu-open.qbf93X (deleted) | ASCII text | dropped | -
/tmp/qemu-open.sjB0r0 (deleted) | ASCII text | dropped | -
/tmp/qemu-open.t5KriW (deleted) | ASCII text | dropped | -
/tmp/qemu-open.uAA6DW (deleted) | ASCII text | dropped | -
/tmp/qemu-open.x9hTx0 (deleted) | ASCII text | dropped | -
/tmp/qemu-open.ycoJvW (deleted) | ASCII text | dropped | -
/tmp/qemu-open.ygM0CY (deleted) | ASCII text | dropped | -
/tmp/qemu-open.ynGllZ (deleted) | ASCII text | dropped | -
/tmp/qemu-open.zi8Bw0 (deleted) | ASCII text | dropped | -
/tmp/qemu-open.zqphFX (deleted) | ASCII text | dropped | -
(59 additional files not shown)

Processes

Path | Cmdline | Malicious
/tmp/nabmpsl.elf | /tmp/nabmpsl.elf | -
/tmp/nabmpsl.elf | - | -
/tmp/nabmpsl.elf | - | -
/tmp/nabmpsl.elf | - | -
/tmp/nabmpsl.elf | - | -

URLs

Name | IP | Malicious
http:///wget.sh | unknown | -
http:///curl.sh | unknown | -

Domains

Name | IP | Malicious
yellowchink.pirate | 45.156.86.24 | malicious
chinklabs.dyn | 185.150.24.67 | malicious
burnthe.libre | 45.156.86.24 | malicious
netfags.geek. [malformed] | unknown | malicious

IPs

IP | Domain | Country | Malicious
45.156.86.24 | yellowchink.pirate | Germany | malicious
44.236.156.4 | unknown | United States | -
212.111.3.210 | unknown | Czech Republic | -
77.209.109.56 | unknown | Spain | -
81.73.10.210 | unknown | Italy | -
144.216.234.155 | unknown | United States | -
82.186.90.136 | unknown | Italy | -
22.126.75.6 | unknown | United States | -
14.254.98.79 | unknown | Viet Nam | -
87.99.224.206 | unknown | Sweden | -
166.60.254.75 | unknown | United States | -
60.179.121.162 | unknown | China | -
7.233.141.200 | unknown | United States | -
13.56.23.55 | unknown | United States | -
110.54.143.137 | unknown | Philippines | -
173.35.33.12 | unknown | Canada | -
115.227.251.169 | unknown | China | -
78.129.218.34 | unknown | United Kingdom | -
149.195.83.66 | unknown | United Kingdom | -
37.221.144.247 | unknown | Ukraine | -
40.180.184.236 | unknown | United States | -
58.70.53.160 | unknown | Japan | -
12.75.104.6 | unknown | United States | -
85.163.19.125 | unknown | Czech Republic | -
164.110.235.64 | unknown | United States | -
63.27.171.228 | unknown | United States | -
82.75.50.146 | unknown | Netherlands | -
204.189.36.45 | unknown | United States | -
1.240.59.57 | unknown | Korea Republic of | -
214.50.76.154 | unknown | United States | -
134.215.97.137 | unknown | United States | -
31.46.180.171 | unknown | Hungary | -
159.71.16.201 | unknown | United States | -
141.248.166.80 | unknown | United States | -
146.246.151.183 | unknown | United States | -
184.175.210.186 | unknown | United States | -
176.191.117.221 | unknown | France | -
175.207.109.192 | unknown | Korea Republic of | -
125.193.148.79 | unknown | Japan | -
74.236.83.96 | unknown | United States | -
22.13.169.254 | unknown | United States | -
93.60.17.59 | unknown | Italy | -
40.10.67.19 | unknown | United States | -
198.86.46.60 | unknown | United States | -
82.225.99.74 | unknown | France | -
89.80.133.43 | unknown | France | -
14.135.141.129 | unknown | China | -
203.21.122.28 | unknown | Australia | -
179.13.44.155 | unknown | Colombia | -
75.52.14.54 | unknown | United States | -
154.94.0.158 | unknown | Seychelles | -
30.152.112.226 | unknown | United States | -
169.119.95.215 | unknown | United States | -
76.224.190.141 | unknown | United States | -
125.183.249.139 | unknown | Korea Republic of | -
40.222.230.112 | unknown | United States | -
112.165.8.212 | unknown | Korea Republic of | -
213.197.138.252 | unknown | Lithuania | -
151.58.23.36 | unknown | Italy | -
87.141.197.26 | unknown | Germany | -
65.219.193.21 | unknown | United States | -
218.19.201.1 | unknown | China | -
210.243.95.81 | unknown | Taiwan; Republic of China (ROC) | -
86.181.195.226 | unknown | United Kingdom | -
214.9.34.118 | unknown | United States | -
76.151.70.121 | unknown | United States | -
75.5.212.119 | unknown | United States | -
54.144.211.53 | unknown | United States | -
29.240.244.12 | unknown | United States | -
49.194.161.40 | unknown | Australia | -
80.145.162.113 | unknown | Germany | -
20.101.116.167 | unknown | United States | -
212.157.43.28 | unknown | France | -
78.46.37.121 | unknown | Germany | -
20.39.135.179 | unknown | United States | -
45.32.162.126 | unknown | United States | -
216.87.25.255 | unknown | Canada | -
78.187.2.83 | unknown | Turkey | -
139.37.245.192 | unknown | United States | -
79.159.95.89 | unknown | Spain | -
17.251.187.39 | unknown | United States | -
173.142.139.250 | unknown | United States | -
88.24.171.123 | unknown | Spain | -
125.2.135.34 | unknown | Japan | -
164.56.42.139 | unknown | United States | -
31.216.2.2 | unknown | United Kingdom | -
75.113.180.214 | unknown | United States | -
107.150.85.4 | unknown | Sweden | -
52.37.133.172 | unknown | United States | -
41.141.241.110 | unknown | Morocco | -
195.37.193.78 | unknown | Germany | -
118.92.29.172 | unknown | New Zealand | -
114.103.87.182 | unknown | China | -
71.99.52.223 | unknown | United States | -
117.67.211.151 | unknown | China | -
72.61.10.195 | unknown | United States | -
126.236.238.182 | unknown | Japan | -
6.102.151.237 | unknown | United States | -
135.92.143.65 | unknown | United States | -
101.134.79.205 | unknown | China | -
(90 additional IPs not shown)

Memdumps

Base Address | Region Type | Protect | Malicious
7faa9ea10000 | - | page read and write | -
7ffe11bd6000 | - | page execute read | -
7faa9e3d5000 | - | page read and write | -
55ab4cbf6000 | - | page execute read | -
55ab4ee86000 | - | page execute and read and write | -
7faa9e706000 | - | page read and write | -
55ab4ee9d000 | - | page read and write | -
7faa9e3b8000 | - | page read and write | -
7faa9dd36000 | - | page read and write | -
7faa9d52e000 | - | page read and write | -
55ab4ce7e000 | - | page read and write | -
55ab50877000 | - | page read and write | -
7faa98021000 | - | page read and write | -
7faa98000000 | - | page read and write | -
7ffe11bd6000 | - | page execute read | -
7faa9ea10000 | - | page read and write | -
7ffe11bbf000 | - | page read and write | -
7faa98021000 | - | page read and write | -
7faa9d52e000 | - | page read and write | -
7faa9e3d5000 | - | page read and write | -
7faa9e8e7000 | - | page read and write | -
7faa9dd44000 | - | page read and write | -
7faa9ea5d000 | - | page read and write | -
7faa98000000 | - | page read and write | -
55ab4cbf6000 | - | page execute read | -
55ab4ee86000 | - | page execute and read and write | -
55ab4ce88000 | - | page read and write | -
7faa9ea18000 | - | page read and write | -
55ab50877000 | - | page read and write | -
7faa18450000 | - | page read and write | -
7faa9e395000 | - | page read and write | -
55ab4ee9d000 | - | page read and write | -
7faa9dff4000 | - | page read and write | -
7faa1840e000 | - | page execute read | -
7faa9ea18000 | - | page read and write | -
7faa9e3b8000 | - | page read and write | -
7faa9e706000 | - | page read and write | -
7faa9e395000 | - | page read and write | -
7faa18450000 | - | page read and write | -
7faa1844e000 | - | page read and write | -
7faa1840e000 | - | page execute read | -
7faa9dff4000 | - | page read and write | -
55ab4ce88000 | - | page read and write | -
7faa9e8e7000 | - | page read and write | -
7faa1844e000 | - | page read and write | -
7faa9dd36000 | - | page read and write | -
7faa9ea5d000 | - | page read and write | -
55ab4ce7e000 | - | page read and write | -
7faa9dd44000 | - | page read and write | -
7ffe11bbf000 | - | page read and write | -
(40 additional memdumps not shown)