IOC Report
jklm68k.elf

Files

File Path | Type | Category | Malicious
jklm68k.elf | ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped | initial sample | malicious

Processes

Path | Cmdline | Malicious
/tmp/jklm68k.elf | /tmp/jklm68k.elf |
/tmp/jklm68k.elf | - |
/tmp/jklm68k.elf | - |
/tmp/jklm68k.elf | - |
/tmp/jklm68k.elf | - |

URLs

Name | IP | Malicious
http:///wget.sh | unknown |
http:///curl.sh | unknown |

Domains

Name | IP | Malicious
netfags.geek | 45.156.86.24 | malicious
burnthe.libre | 45.156.86.24 | malicious

IPs


Memdumps
