Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
powerpc.elf
|
ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (GNU/Linux), statically linked, no section header
|
initial sample
|
 |
|
|
/tmp/Infected.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
/tmp/qemu-open.1SK0R0 (deleted)
|
ASCII text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/powerpc.elf
|
/tmp/powerpc.elf
|
||
|
/tmp/powerpc.elf
|
-
|
||
|
/tmp/powerpc.elf
|
-
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
|
|
|
https://developers.google.com/search/docs/advanced/crawling/overview-google-crawlers)
|
unknown
|
||
|
http://www.spidersoft.com)
|
unknown
|
||
|
http://help.yahoo.com/help/us/ysearch/slurp)
|
unknown
|
||
|
http://www.google.com/bot.html)
|
unknown
|
||
|
http://www.google.com/mobile/adsbot.html)
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
daisy.ubuntu.com
|
162.213.35.25
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
181.214.231.152
|
unknown
|
Chile
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7f349404c000
|
page execute and read and write
|
|
||
|
7f349404c000
|
page execute and read and write
|
|
||
|
564dad3c1000
|
page read and write
|
|||
|
7f358b7bd000
|
page read and write
|
|||
|
7f358bb08000
|
page read and write
|
|||
|
7f3494010000
|
page execute and read and write
|
|||
|
7f3494066000
|
page read and write
|
|||
|
7f358bb08000
|
page read and write
|
|||
|
7f358b798000
|
page read and write
|
|||
|
564dad136000
|
page execute read
|
|||
|
564db0af9000
|
page read and write
|
|||
|
7ffcea1fb000
|
page execute read
|
|||
|
7f358a936000
|
page read and write
|
|||
|
7f349401a000
|
page execute read
|
|||
|
7f358a936000
|
page read and write
|
|||
|
7f358b7bd000
|
page read and write
|
|||
|
7f349401b000
|
page execute and read and write
|
|||
|
7ffcea1fb000
|
page execute read
|
|||
|
564daf3bf000
|
page execute and read and write
|
|||
|
7f349401a000
|
page execute read
|
|||
|
7ffcea1b9000
|
page read and write
|
|||
|
7f358b147000
|
page read and write
|
|||
|
564daf3d5000
|
page read and write
|
|||
|
7f349401c000
|
page execute read
|
|||
|
7f3494010000
|
page execute and read and write
|
|||
|
7f358b139000
|
page read and write
|
|||
|
564db0af9000
|
page read and write
|
|||
|
564dad3c1000
|
page read and write
|
|||
|
7f3584000000
|
page read and write
|
|||
|
7f358b3d6000
|
page read and write
|
|||
|
7f358b147000
|
page read and write
|
|||
|
7f3494002000
|
page execute read
|
|||
|
7f3494066000
|
page read and write
|
|||
|
7f358bc31000
|
page read and write
|
|||
|
7f358b3d6000
|
page read and write
|
|||
|
7ffcea1b9000
|
page read and write
|
|||
|
7f3494002000
|
page execute read
|
|||
|
7f358b798000
|
page read and write
|
|||
|
7f3584000000
|
page read and write
|
|||
|
7f349401c000
|
page execute read
|
|||
|
7f349401b000
|
page execute and read and write
|
|||
|
7f358bc39000
|
page read and write
|
|||
|
7f3584021000
|
page read and write
|
|||
|
564daf3d5000
|
page read and write
|
|||
|
7f358b139000
|
page read and write
|
|||
|
7f358bc7e000
|
page read and write
|
|||
|
564daf3bf000
|
page execute and read and write
|
|||
|
7f358bc31000
|
page read and write
|
|||
|
7f358bc39000
|
page read and write
|
|||
|
564dad3b9000
|
page read and write
|
|||
|
564dad136000
|
page execute read
|
|||
|
564dad3b9000
|
page read and write
|
|||
|
7f358bc7e000
|
page read and write
|
|||
|
7f3584021000
|
page read and write
|
There are 44 hidden memdumps, click here to show them.