IOC Report
nabm68k.elf

Files

File Path | Type | Category | Malicious
nabm68k.elf | ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped | initial sample | malicious

Processes

Path | Cmdline | Malicious
/tmp/nabm68k.elf | /tmp/nabm68k.elf |
/tmp/nabm68k.elf | - |
/tmp/nabm68k.elf | - |
/tmp/nabm68k.elf | - |
/tmp/nabm68k.elf | - |

URLs

Name | IP | Malicious
http:///wget.sh | unknown |
http:///curl.sh | unknown |

Domains

Name | IP | Malicious
yellowchink.pirate | 45.156.86.24 | malicious
chinklabs.dyn. [malformed] | unknown | malicious
netfags.geek. [malformed] | unknown | malicious

IPs

IP | Domain | Country | Malicious
45.156.86.24 | yellowchink.pirate | Germany | malicious

Memdumps

Base Address | Regiontype | Protect | Malicious