Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
nabarm5.elf
|
ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
|
initial sample
|
 |
|
|
/tmp/qemu-open.0GdXIn (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.0P8O0o (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.16t4in (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.2n5PNl (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.4aNHvm (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.4wqocl (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.5DB7In (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.6PmmXo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.6ZcU4m (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.82d3Bl (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.9516po (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.9l0dfn (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.9oMu0m (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.B6KG6l (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.CIuLAn (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.FTCzuo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.FXQo4o (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.FqRnJp (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.GTNUCl (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Gy2oio (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.HPQ2Il (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.HTvYHl (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.JjPOVn (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.KDIW4m (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.KJy86n (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.KVe67l (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.KaHxio (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.MOJsep (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.MWFmen (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Mgw8jp (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.N0rrso (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.N1tzxm (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Nf3dZl (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.O9EHqn (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.PevWZl (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.PpUNJo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Q732Jm (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.QVrLzo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.QbfMXo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.REXmzo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.REmieo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Rg2Mfl (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Rv4BPo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.TUAYeo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.TVgYFp (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.U3tYJm (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Uqr2Ll (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Usjwgn (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.VVWH9m (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.VdxuEo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.WIYNNm (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.XS4llo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.ZuUKLl (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.aB2oal (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.bl8gJl (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.cQ80Po (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.eXY0on (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.fCmkYo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.hclZvn (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.j1E8Xo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.jG64Xn (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.jNR5yo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.l5IdAn (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.l8v0Pl (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.lX2Wnp (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.liKmzo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.nVs4Hn (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.o6wcpl (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.oThGwm (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.oazMAl (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.orDb6o (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.qH6adl (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.qQw8km (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.r0zprm (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.rz32sp (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.s18vdp (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.tAMRco (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.uOfJul (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.ublFBo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.vKEVfl (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.wnCKuo (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.zT5Gzm (deleted)
|
ASCII text
|
dropped
|
There are 73 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/nabarm5.elf
|
/tmp/nabarm5.elf
|
||
|
/tmp/nabarm5.elf
|
-
|
||
|
/tmp/nabarm5.elf
|
-
|
||
|
/tmp/nabarm5.elf
|
-
|
||
|
/tmp/nabarm5.elf
|
-
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http:///wget.sh
|
unknown
|
||
|
http:///curl.sh
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
netfags.geek
|
45.156.86.24
|
|
|
|
yellowchink.pirate
|
45.156.86.24
|
|
|
|
burnthe.libre
|
45.156.86.24
|
|
|
|
burnthe.libre. [malformed]
|
unknown
|
|
|
|
netfags.geek. [malformed]
|
unknown
|
|
|
|
yellowchink.pirate. [malformed]
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.156.86.24
|
netfags.geek
|
Germany
|
|
|
|
53.17.55.0
|
unknown
|
Germany
|
||
|
72.53.119.217
|
unknown
|
Canada
|
||
|
35.175.53.253
|
unknown
|
United States
|
||
|
216.115.246.83
|
unknown
|
United States
|
||
|
183.205.164.42
|
unknown
|
China
|
||
|
74.112.217.91
|
unknown
|
United States
|
||
|
44.113.142.143
|
unknown
|
United States
|
||
|
111.167.222.160
|
unknown
|
China
|
||
|
38.172.105.95
|
unknown
|
United States
|
||
|
116.249.19.192
|
unknown
|
China
|
||
|
186.94.166.16
|
unknown
|
Venezuela
|
||
|
48.221.250.48
|
unknown
|
United States
|
||
|
148.34.91.185
|
unknown
|
United States
|
||
|
192.191.187.249
|
unknown
|
United States
|
||
|
184.30.186.248
|
unknown
|
United States
|
||
|
190.17.40.248
|
unknown
|
Argentina
|
||
|
143.109.6.172
|
unknown
|
United States
|
||
|
52.253.38.74
|
unknown
|
United States
|
||
|
54.66.51.207
|
unknown
|
United States
|
||
|
9.119.98.67
|
unknown
|
United States
|
||
|
184.169.228.103
|
unknown
|
United States
|
||
|
42.7.36.14
|
unknown
|
China
|
||
|
29.52.86.245
|
unknown
|
United States
|
||
|
186.41.190.76
|
unknown
|
Chile
|
||
|
177.7.164.228
|
unknown
|
Brazil
|
||
|
72.81.135.89
|
unknown
|
United States
|
||
|
65.107.59.151
|
unknown
|
United States
|
||
|
126.55.25.156
|
unknown
|
Japan
|
||
|
6.128.27.249
|
unknown
|
United States
|
||
|
114.19.249.234
|
unknown
|
Japan
|
||
|
131.138.32.108
|
unknown
|
Canada
|
||
|
155.16.21.154
|
unknown
|
United States
|
||
|
180.24.137.61
|
unknown
|
Japan
|
||
|
32.199.125.138
|
unknown
|
United States
|
||
|
130.38.50.83
|
unknown
|
United States
|
||
|
223.110.44.19
|
unknown
|
China
|
||
|
56.56.134.244
|
unknown
|
United States
|
||
|
168.122.28.10
|
unknown
|
United States
|
||
|
23.53.61.83
|
unknown
|
United States
|
||
|
83.151.232.206
|
unknown
|
United Kingdom
|
||
|
82.126.118.234
|
unknown
|
France
|
||
|
2.248.43.129
|
unknown
|
Sweden
|
||
|
42.31.38.123
|
unknown
|
Korea Republic of
|
||
|
194.252.33.218
|
unknown
|
Finland
|
||
|
188.117.209.254
|
unknown
|
Austria
|
||
|
134.33.70.174
|
unknown
|
United States
|
||
|
150.145.14.163
|
unknown
|
Italy
|
||
|
222.175.127.37
|
unknown
|
China
|
||
|
187.111.160.247
|
unknown
|
Brazil
|
||
|
57.46.20.34
|
unknown
|
Belgium
|
||
|
218.164.37.11
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
|
156.241.59.3
|
unknown
|
Seychelles
|
||
|
134.226.206.179
|
unknown
|
Ireland
|
||
|
2.52.21.142
|
unknown
|
Israel
|
||
|
64.15.34.187
|
unknown
|
Australia
|
||
|
147.139.120.97
|
unknown
|
United States
|
||
|
169.100.187.69
|
unknown
|
United States
|
||
|
120.159.221.90
|
unknown
|
Australia
|
||
|
37.186.100.126
|
unknown
|
Armenia
|
||
|
84.32.48.93
|
unknown
|
Lithuania
|
||
|
210.196.55.227
|
unknown
|
Japan
|
||
|
143.69.247.136
|
unknown
|
United States
|
||
|
8.98.14.216
|
unknown
|
United States
|
||
|
42.75.45.27
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
|
108.207.174.211
|
unknown
|
United States
|
||
|
181.10.73.56
|
unknown
|
Argentina
|
||
|
15.136.116.3
|
unknown
|
United States
|
||
|
6.124.52.173
|
unknown
|
United States
|
||
|
189.251.35.68
|
unknown
|
Mexico
|
||
|
202.169.249.112
|
unknown
|
Indonesia
|
||
|
82.148.14.47
|
unknown
|
Russian Federation
|
||
|
104.221.56.220
|
unknown
|
Canada
|
||
|
179.34.23.69
|
unknown
|
Brazil
|
||
|
128.97.122.229
|
unknown
|
United States
|
||
|
50.107.48.255
|
unknown
|
United States
|
||
|
170.105.182.161
|
unknown
|
Japan
|
||
|
197.88.138.164
|
unknown
|
South Africa
|
||
|
133.88.110.121
|
unknown
|
Japan
|
||
|
7.74.111.13
|
unknown
|
United States
|
||
|
214.100.70.37
|
unknown
|
United States
|
||
|
35.127.121.88
|
unknown
|
United States
|
||
|
90.187.216.23
|
unknown
|
Germany
|
||
|
161.8.2.27
|
unknown
|
United Kingdom
|
||
|
124.116.29.170
|
unknown
|
China
|
||
|
126.49.27.182
|
unknown
|
Japan
|
||
|
24.103.208.84
|
unknown
|
United States
|
||
|
115.54.100.17
|
unknown
|
China
|
||
|
141.245.20.16
|
unknown
|
United Kingdom
|
||
|
18.158.193.253
|
unknown
|
United States
|
||
|
176.31.46.106
|
unknown
|
France
|
||
|
43.242.107.81
|
unknown
|
India
|
||
|
3.34.252.81
|
unknown
|
United States
|
||
|
66.12.34.228
|
unknown
|
United States
|
||
|
3.83.182.48
|
unknown
|
United States
|
||
|
56.103.158.186
|
unknown
|
United States
|
||
|
184.67.180.137
|
unknown
|
Canada
|
||
|
111.243.0.152
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
|
210.159.70.105
|
unknown
|
Japan
|
||
|
2.88.189.76
|
unknown
|
Saudi Arabia
|
There are 90 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7fcad85d8000
|
page read and write
|
|||
|
7ffe315b4000
|
page execute read
|
|||
|
7ffe315b4000
|
page execute read
|
|||
|
7fcad866a000
|
page read and write
|
|||
|
7fcad8fa8000
|
page read and write
|
|||
|
7fcad92d6000
|
page read and write
|
|||
|
7fcad7dd0000
|
page read and write
|
|||
|
7fcad85d8000
|
page read and write
|
|||
|
7fcad9189000
|
page read and write
|
|||
|
7fcad931b000
|
page read and write
|
|||
|
7fcad92b2000
|
page read and write
|
|||
|
7fcad8c37000
|
page read and write
|
|||
|
5650dc743000
|
page read and write
|
|||
|
7fcad8dc6000
|
page read and write
|
|||
|
7fcad89cc000
|
page read and write
|
|||
|
7fcacffff000
|
page read and write
|
|||
|
7fcad92d6000
|
page read and write
|
|||
|
5650de761000
|
page read and write
|
|||
|
7fc9d0021000
|
page execute read
|
|||
|
7fcad7dd0000
|
page read and write
|
|||
|
7fcad8fa8000
|
page read and write
|
|||
|
5650e001e000
|
page read and write
|
|||
|
7fcad8dc6000
|
page read and write
|
|||
|
7fcad0021000
|
page read and write
|
|||
|
5650dc4f2000
|
page execute read
|
|||
|
7fcad8c5a000
|
page read and write
|
|||
|
7fcad92b2000
|
page read and write
|
|||
|
7fcad931b000
|
page read and write
|
|||
|
7fcad866a000
|
page read and write
|
|||
|
7fc9d0029000
|
page read and write
|
|||
|
5650de74a000
|
page execute and read and write
|
|||
|
7fc9d002b000
|
page read and write
|
|||
|
5650dc74c000
|
page read and write
|
|||
|
7fcad0021000
|
page read and write
|
|||
|
5650de74a000
|
page execute and read and write
|
|||
|
7fc9d0029000
|
page read and write
|
|||
|
5650dc743000
|
page read and write
|
|||
|
5650dc74c000
|
page read and write
|
|||
|
7fcad8c37000
|
page read and write
|
|||
|
7ffe314a7000
|
page read and write
|
|||
|
7ffe314a7000
|
page read and write
|
|||
|
7fcacffff000
|
page read and write
|
|||
|
5650e001e000
|
page read and write
|
|||
|
7fc9d0021000
|
page execute read
|
|||
|
7fcad8c5a000
|
page read and write
|
|||
|
7fc9d002b000
|
page read and write
|
|||
|
7fcad9189000
|
page read and write
|
|||
|
5650dc4f2000
|
page execute read
|
|||
|
7fcad89cc000
|
page read and write
|
|||
|
5650de761000
|
page read and write
|
There are 40 hidden memdumps, click here to show them.