Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
nabsh4.elf
|
ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
|
initial sample
|
 |
|
|
/tmp/qemu-open.0kWGLV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.1QjSHW (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.1zDW4V (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.3lrzrV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.4RO0uX (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.4Zog6U (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.5RCDCU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.6ckC5T (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.7um5LV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.849mxX (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.9Gm4vV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.AEK5MX (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.ApV7hV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.AqHMHV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.ArZN4U (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.AuChXT (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.E3LfzX (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.EKjrmX (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.EVDmFV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.G7pVVU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.GIof7W (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.HFHlrW (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.I6mS9V (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.IQYYlU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Jf7KkX (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Ksh6mV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.LvQjGT (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.M6WULV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.NM1mKU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.NSZkzU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Nc5v9U (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.OSh5WV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.OUrXYT (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.OWcX6W (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.OrDoeW (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.OsJCdU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.P3ymBT (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.PfbqXV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Poe4CV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.R8DQAV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.SXdVGV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Tjaj5T (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.UjZRJX (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Wgp6uW (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.XZ83jW (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Xy2vcU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.YjBubX (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.ZjFfNT (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.ZjxQFW (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.aqE8tT (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.axqw3T (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.bCnXxV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.eRUbIW (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.fiH2tV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.gEu0QU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.gPVqjX (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.hnwqnU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.hu6jPW (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.iD7G4V (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.jM4VXW (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.kKaNJW (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.l112sW (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.lAQ38T (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.livlAU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.mT75EX (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.mZo6lT (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.mgvHEU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.nRYPJX (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.nmXrvW (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.nx5YmU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.o2543W (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.oL6KBV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.p07DhV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.p89WxU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.pCSWrW (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.qBrUlV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.qXSQtX (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.qeryDU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.tDy2NU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.tLJ0HU (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.thV5yW (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.uvFfuV (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.vzFfCX (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.xBFggX (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.xnvdtT (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.z9yk2U (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.zVdVfW (deleted)
|
ASCII text
|
dropped
|
There are 78 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/nabsh4.elf
|
/tmp/nabsh4.elf
|
||
|
/tmp/nabsh4.elf
|
-
|
||
|
/tmp/nabsh4.elf
|
-
|
||
|
/tmp/nabsh4.elf
|
-
|
||
|
/tmp/nabsh4.elf
|
-
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http:///wget.sh
|
unknown
|
||
|
http:///curl.sh
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
yellowchink.pirate
|
45.156.86.24
|
|
|
|
chinklabs.dyn
|
185.150.24.67
|
|
|
|
burnthe.libre
|
45.156.86.24
|
|
|
|
chinklabs.dyn. [malformed]
|
unknown
|
|
|
|
netfags.geek. [malformed]
|
unknown
|
|
|
|
burnthe.libre. [malformed]
|
unknown
|
|
|
|
yellowchink.pirate. [malformed]
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.156.86.24
|
yellowchink.pirate
|
Germany
|
|
|
|
151.204.140.138
|
unknown
|
United States
|
||
|
93.171.31.34
|
unknown
|
Czech Republic
|
||
|
58.232.207.227
|
unknown
|
Korea Republic of
|
||
|
16.140.23.20
|
unknown
|
United States
|
||
|
146.185.76.208
|
unknown
|
Switzerland
|
||
|
171.14.40.159
|
unknown
|
China
|
||
|
151.73.17.195
|
unknown
|
Italy
|
||
|
130.64.185.195
|
unknown
|
United States
|
||
|
152.167.51.199
|
unknown
|
Dominican Republic
|
||
|
197.242.189.96
|
unknown
|
Mauritius
|
||
|
219.65.220.214
|
unknown
|
India
|
||
|
118.55.224.132
|
unknown
|
Korea Republic of
|
||
|
199.126.100.208
|
unknown
|
Canada
|
||
|
54.207.92.6
|
unknown
|
United States
|
||
|
82.180.241.181
|
unknown
|
Denmark
|
||
|
193.18.119.100
|
unknown
|
Germany
|
||
|
182.19.72.135
|
unknown
|
India
|
||
|
213.0.46.220
|
unknown
|
Spain
|
||
|
105.55.134.177
|
unknown
|
Kenya
|
||
|
218.172.87.236
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
|
144.40.125.136
|
unknown
|
United States
|
||
|
190.69.179.18
|
unknown
|
Colombia
|
||
|
77.124.0.70
|
unknown
|
Israel
|
||
|
162.229.250.218
|
unknown
|
United States
|
||
|
198.255.90.75
|
unknown
|
United States
|
||
|
31.30.53.24
|
unknown
|
Czech Republic
|
||
|
140.237.182.84
|
unknown
|
China
|
||
|
41.152.98.66
|
unknown
|
Egypt
|
||
|
204.189.83.33
|
unknown
|
United States
|
||
|
115.225.90.227
|
unknown
|
China
|
||
|
79.18.53.123
|
unknown
|
Italy
|
||
|
31.235.121.150
|
unknown
|
Germany
|
||
|
132.49.104.132
|
unknown
|
United States
|
||
|
133.195.153.32
|
unknown
|
Japan
|
||
|
90.52.76.146
|
unknown
|
France
|
||
|
156.223.218.255
|
unknown
|
Egypt
|
||
|
103.58.75.216
|
unknown
|
Bangladesh
|
||
|
40.107.50.134
|
unknown
|
United States
|
||
|
150.199.95.184
|
unknown
|
United States
|
||
|
43.149.162.219
|
unknown
|
Japan
|
||
|
100.228.24.239
|
unknown
|
United States
|
||
|
84.124.216.41
|
unknown
|
Spain
|
||
|
78.111.215.15
|
unknown
|
Ukraine
|
||
|
55.105.208.180
|
unknown
|
United States
|
||
|
53.205.58.16
|
unknown
|
Germany
|
||
|
100.28.164.72
|
unknown
|
United States
|
||
|
17.74.42.106
|
unknown
|
United States
|
||
|
23.180.255.67
|
unknown
|
Reserved
|
||
|
201.2.222.178
|
unknown
|
Brazil
|
||
|
73.108.189.126
|
unknown
|
United States
|
||
|
107.226.99.126
|
unknown
|
United States
|
||
|
163.32.21.94
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
|
179.218.140.184
|
unknown
|
Brazil
|
||
|
116.189.204.118
|
unknown
|
China
|
||
|
212.84.126.16
|
unknown
|
United Kingdom
|
||
|
108.163.1.36
|
unknown
|
United States
|
||
|
185.145.107.114
|
unknown
|
Ukraine
|
||
|
91.255.202.36
|
unknown
|
Italy
|
||
|
62.125.94.129
|
unknown
|
United Kingdom
|
||
|
187.211.14.149
|
unknown
|
Mexico
|
||
|
186.116.115.211
|
unknown
|
Colombia
|
||
|
200.33.13.222
|
unknown
|
Mexico
|
||
|
83.70.125.225
|
unknown
|
Ireland
|
||
|
86.39.163.0
|
unknown
|
Belgium
|
||
|
134.253.8.243
|
unknown
|
United States
|
||
|
178.163.224.83
|
unknown
|
Belarus
|
||
|
68.132.116.178
|
unknown
|
United States
|
||
|
29.170.240.213
|
unknown
|
United States
|
||
|
135.141.191.188
|
unknown
|
United States
|
||
|
66.178.70.134
|
unknown
|
United States
|
||
|
223.25.193.63
|
unknown
|
Thailand
|
||
|
63.214.231.140
|
unknown
|
United States
|
||
|
111.248.17.4
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
|
9.194.20.120
|
unknown
|
United States
|
||
|
2.89.50.101
|
unknown
|
Saudi Arabia
|
||
|
12.114.229.148
|
unknown
|
United States
|
||
|
112.230.155.114
|
unknown
|
China
|
||
|
218.38.228.227
|
unknown
|
Korea Republic of
|
||
|
21.135.66.192
|
unknown
|
United States
|
||
|
51.118.52.72
|
unknown
|
United States
|
||
|
27.40.227.17
|
unknown
|
China
|
||
|
71.252.25.122
|
unknown
|
United States
|
||
|
37.22.97.236
|
unknown
|
Russian Federation
|
||
|
117.50.70.200
|
unknown
|
China
|
||
|
1.203.144.50
|
unknown
|
China
|
||
|
23.191.175.91
|
unknown
|
Reserved
|
||
|
65.22.22.233
|
unknown
|
United States
|
||
|
9.138.195.222
|
unknown
|
United States
|
||
|
207.105.130.130
|
unknown
|
United States
|
||
|
104.145.80.131
|
unknown
|
United States
|
||
|
93.23.255.104
|
unknown
|
France
|
||
|
158.87.24.8
|
unknown
|
United States
|
||
|
74.60.1.252
|
unknown
|
United States
|
||
|
126.245.175.118
|
unknown
|
Japan
|
||
|
1.235.182.48
|
unknown
|
Korea Republic of
|
||
|
214.127.88.143
|
unknown
|
United States
|
||
|
45.152.29.133
|
unknown
|
United Kingdom
|
||
|
111.171.70.226
|
unknown
|
Korea Republic of
|
||
|
93.83.73.16
|
unknown
|
Austria
|
There are 90 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
55a15d1a2000
|
page read and write
|
|||
|
55a15cf8c000
|
page execute read
|
|||
|
7fc60040a000
|
page execute read
|
|||
|
55a15cf8c000
|
page execute read
|
|||
|
7fc685ebd000
|
page read and write
|
|||
|
7fc6853bd000
|
page read and write
|
|||
|
7fc685eb5000
|
page read and write
|
|||
|
7fc6853cb000
|
page read and write
|
|||
|
55a15d1aa000
|
page read and write
|
|||
|
7fc684bba000
|
page read and write
|
|||
|
7fc60041a000
|
page read and write
|
|||
|
55a15f1bf000
|
page read and write
|
|||
|
7fc685f02000
|
page read and write
|
|||
|
7fc68565a000
|
page read and write
|
|||
|
7fc6853bd000
|
page read and write
|
|||
|
7fc60040a000
|
page execute read
|
|||
|
7fc685eb5000
|
page read and write
|
|||
|
7fc60041a000
|
page read and write
|
|||
|
7fc685ebd000
|
page read and write
|
|||
|
7ffc509f6000
|
page execute read
|
|||
|
7fc685a1c000
|
page read and write
|
|||
|
55a15f854000
|
page read and write
|
|||
|
7fc60041c000
|
page read and write
|
|||
|
55a15f854000
|
page read and write
|
|||
|
7fc685a1c000
|
page read and write
|
|||
|
7fc680021000
|
page read and write
|
|||
|
7ffc50818000
|
page read and write
|
|||
|
55a15f1bf000
|
page read and write
|
|||
|
55a15d1a2000
|
page read and write
|
|||
|
7fc685a41000
|
page read and write
|
|||
|
7fc680000000
|
page read and write
|
|||
|
7fc685d8c000
|
page read and write
|
|||
|
55a15f1a8000
|
page execute and read and write
|
|||
|
55a15d1aa000
|
page read and write
|
|||
|
7ffc509f6000
|
page execute read
|
|||
|
7fc680000000
|
page read and write
|
|||
|
7fc684bba000
|
page read and write
|
|||
|
55a15f1a8000
|
page execute and read and write
|
|||
|
7fc6853cb000
|
page read and write
|
|||
|
7fc60041c000
|
page read and write
|
|||
|
7fc685f02000
|
page read and write
|
|||
|
7fc685a41000
|
page read and write
|
|||
|
7fc685d8c000
|
page read and write
|
|||
|
7fc680021000
|
page read and write
|
|||
|
7ffc50818000
|
page read and write
|
|||
|
7fc68565a000
|
page read and write
|
There are 36 hidden memdumps, click here to show them.