IOC Report
jklppc.elf

Files

File Path | Type | Category | Malicious
jklppc.elf | ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, stripped | initial sample | malicious

Processes

Path | Cmdline | Malicious
/tmp/jklppc.elf | /tmp/jklppc.elf |
/tmp/jklppc.elf | - |
/tmp/jklppc.elf | - |
/tmp/jklppc.elf | - |
/tmp/jklppc.elf | - |

URLs

Name | IP | Malicious
http:///wget.sh | unknown |
http:///curl.sh | unknown |

Domains

Name | IP | Malicious
netfags.geek | 45.156.86.24 | malicious
yellowchink.pirate | 45.156.86.24 | malicious

IPs

IP | Domain | Country | Malicious

Memdumps

Base Address | Region type | Protect | Malicious