Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ppc.elf
|
ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, stripped
|
initial sample
|
||
|
/var/log/btmp
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/ppc.elf
|
/tmp/ppc.elf
|
||
|
/usr/sbin/sshd
|
-
|
||
|
/usr/sbin/sshd
|
/usr/sbin/sshd -D -R
|
||
|
/usr/sbin/sshd
|
-
|
||
|
/usr/sbin/sshd
|
/usr/sbin/sshd -D -R
|
||
|
/usr/sbin/sshd
|
-
|
||
|
/usr/sbin/sshd
|
-
|
||
|
/usr/sbin/sshd
|
/usr/sbin/sshd -D -R
|
||
|
/usr/sbin/sshd
|
-
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
55deba2da000
|
page read and write
|
|||
|
7f3dbc012000
|
page read and write
|
|||
|
7ffd777e1000
|
page execute read
|
|||
|
7f3eb394c000
|
page read and write
|
|||
|
55deba04f000
|
page execute read
|
|||
|
7f3eb3999000
|
page read and write
|
|||
|
55debc2ee000
|
page read and write
|
|||
|
7f3dbc00e000
|
page execute read
|
|||
|
55debc2d8000
|
page execute and read and write
|
|||
|
7ffd7779c000
|
page read and write
|
|||
|
7f3eb3823000
|
page read and write
|
|||
|
7f3eac000000
|
page read and write
|
|||
|
7f3eb34b3000
|
page read and write
|
|||
|
7f3dbc00f000
|
page execute and read and write
|
|||
|
7f3eb2e62000
|
page read and write
|
|||
|
55debd430000
|
page read and write
|
|||
|
55deba2d2000
|
page read and write
|
|||
|
7f3eb2651000
|
page read and write
|
|||
|
7f3eb34d8000
|
page read and write
|
|||
|
7f3eac021000
|
page read and write
|
|||
|
7f3dbc011000
|
page execute and read and write
|
|||
|
7f3eb2e54000
|
page read and write
|
|||
|
7f3eb3954000
|
page read and write
|
|||
|
7f3eb30f1000
|
page read and write
|
There are 14 hidden memdumps, click here to show them.