IOC Report
la.bot.arm6.elf

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /tmp/la.bot.arm6.elf | /tmp/la.bot.arm6.elf | |
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.shYw9gouY6 /tmp/tmp.XXm9zpEQG4 /tmp/tmp.L8umTjDtat | |
| /usr/bin/dash | - | |
| /usr/bin/cat | cat /tmp/tmp.shYw9gouY6 | |
| /usr/bin/dash | - | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | - | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | - | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | - | |
| /usr/bin/cat | cat /tmp/tmp.shYw9gouY6 | |
| /usr/bin/dash | - | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | - | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | - | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.shYw9gouY6 /tmp/tmp.XXm9zpEQG4 /tmp/tmp.L8umTjDtat | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http:///wget.sh | unknown | |
| http:///curl.sh | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 54.171.230.55 | unknown | United States | |
| 109.202.202.202 | unknown | Switzerland | |
| 91.189.91.43 | unknown | United Kingdom | |
| 91.189.91.42 | unknown | United Kingdom | |

Memdumps

Base Address
Regiontype
Protect
Malicious