IOC Report
yakuza.arm7.elf

loading gif

Processes

Path
Cmdline
Malicious
/tmp/yakuza.arm7.elf
/tmp/yakuza.arm7.elf
/tmp/yakuza.arm7.elf
-
/tmp/yakuza.arm7.elf
-
/tmp/yakuza.arm7.elf
-
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 902i13 || busybox pkill -9 902i13"
/bin/sh
-
/usr/bin/pkill
pkill -9 902i13
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 902i13
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"
/bin/sh
-
/usr/bin/pkill
pkill -9 BzSxLxBxeY
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 BzSxLxBxeY
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7"
/bin/sh
-
/usr/bin/pkill
pkill -9 HOHO-LUGO7
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 HOHO-LUGO7
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL"
/bin/sh
-
/usr/bin/pkill
pkill -9 HOHO-U79OL
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 HOHO-U79OL
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87"
/bin/sh
-
/usr/bin/pkill
pkill -9 JuYfouyf87
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 JuYfouyf87
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
/bin/sh
-
/usr/bin/pkill
pkill -9 NiGGeR69xd
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 NiGGeR69xd
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"
/bin/sh
-
/usr/bin/pkill
pkill -9 SO190Ij1X
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 SO190Ij1X
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE"
/bin/sh
-
/usr/bin/pkill
pkill -9 LOLKIKEEEDDE
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 LOLKIKEEEDDE
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e"
/bin/sh
-
/usr/bin/pkill
pkill -9 ekjheory98e
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 ekjheory98e
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 scansh4 || busybox pkill -9 scansh4"
/bin/sh
-
/usr/bin/pkill
pkill -9 scansh4
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 scansh4
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 MDMA || busybox pkill -9 MDMA"
/bin/sh
-
/usr/bin/pkill
pkill -9 MDMA
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 MDMA
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex"
/bin/sh
-
/usr/bin/pkill
pkill -9 fdevalvex
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 fdevalvex
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 scanspc || busybox pkill -9 scanspc"
/bin/sh
-
/usr/bin/pkill
pkill -9 scanspc
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 scanspc
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ"
/bin/sh
-
/usr/bin/pkill
pkill -9 MELTEDNINJAREALZ
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 MELTEDNINJAREALZ
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids"
/bin/sh
-
/usr/bin/pkill
pkill -9 flexsonskids
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 flexsonskids
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 scanx86 || busybox pkill -9 scanx86"
/bin/sh
-
/usr/bin/pkill
pkill -9 scanx86
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 scanx86
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL"
/bin/sh
-
/usr/bin/pkill
pkill -9 MISAKI-U79OL
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 MISAKI-U79OL
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe"
/bin/sh
-
/usr/bin/pkill
pkill -9 foAxi102kxe
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 foAxi102kxe
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj"
/bin/sh
-
/usr/bin/pkill
pkill -9 swodjwodjwoj
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 swodjwodjwoj
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l"
/bin/sh
-
/usr/bin/pkill
pkill -9 MmKiy7f87l
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 MmKiy7f87l
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86"
/bin/sh
-
/usr/bin/pkill
pkill -9 freecookiex86
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 freecookiex86
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu"
/bin/sh
-
/usr/bin/pkill
pkill -9 sysgpu
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 sysgpu
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
/bin/sh
-
/usr/bin/pkill
pkill -9 NiGGeR69xd
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 NiGGeR69xd
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 frgege || busybox pkill -9 frgege"
/bin/sh
-
/usr/bin/pkill
pkill -9 frgege
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 frgege
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater"
/bin/sh
-
/usr/bin/pkill
pkill -9 sysupdater
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 sysupdater
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd"
/bin/sh
-
/usr/bin/pkill
pkill -9 0DnAzepd
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 0DnAzepd
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69"
/bin/sh
-
/usr/bin/pkill
pkill -9 NiGGeRD0nks69
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 NiGGeRD0nks69
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 frgreu || busybox pkill -9 frgreu"
/bin/sh
-
/usr/bin/pkill
pkill -9 frgreu
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 frgreu
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 telnetd || busybox pkill -9 telnetd"
/bin/sh
-
/usr/bin/pkill
pkill -9 telnetd
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 telnetd
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964"
/bin/sh
-
/usr/bin/pkill
pkill -9 0x766f6964
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 0x766f6964
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337"
/bin/sh
-
/usr/bin/pkill
pkill -9 NiGGeRd0nks1337
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 NiGGeRd0nks1337
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 gaft || busybox pkill -9 gaft"
/bin/sh
-
/usr/bin/pkill
pkill -9 gaft
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 gaft
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa"
/bin/sh
-
/usr/bin/pkill
pkill -9 urasgbsigboa
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 urasgbsigboa
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49"
/bin/sh
-
/usr/bin/pkill
pkill -9 120i3UI49
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 120i3UI49
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 OaF3 || busybox pkill -9 OaF3"
/bin/sh
-
/usr/bin/pkill
pkill -9 OaF3
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 OaF3
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 geae || busybox pkill -9 geae"
/bin/sh
-
/usr/bin/pkill
pkill -9 geae
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 geae
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao"
/bin/sh
-
/usr/bin/pkill
pkill -9 vaiolmao
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 vaiolmao
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 123123a || busybox pkill -9 123123a"
/bin/sh
-
/usr/bin/pkill
pkill -9 123123a
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 123123a
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D"
/bin/sh
-
/usr/bin/pkill
pkill -9 Ofurain0n4H34D
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 Ofurain0n4H34D
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex"
/bin/sh
-
/usr/bin/pkill
pkill -9 ggTrex
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 ggTrex
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 wasads || busybox pkill -9 wasads"
/bin/sh
-
/usr/bin/pkill
pkill -9 wasads
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 wasads
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD"
/bin/sh
-
/usr/bin/pkill
pkill -9 1293194hjXD
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 1293194hjXD
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn"
/bin/sh
-
/usr/bin/pkill
pkill -9 OthLaLosn
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 OthLaLosn
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 ggt || busybox pkill -9 ggt"
/bin/sh
-
/usr/bin/pkill
pkill -9 ggt
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 ggt
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 wget-log || busybox pkill -9 wget-log"
/bin/sh
-
/usr/bin/pkill
pkill -9 wget-log
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 wget-log
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 1337SoraLOADER || busybox pkill -9 1337SoraLOADER"
/bin/sh
-
/usr/bin/pkill
pkill -9 1337SoraLOADER
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 1337SoraLOADER
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 SAIAKINA || busybox pkill -9 SAIAKINA"
/bin/sh
-
/usr/bin/pkill
pkill -9 SAIAKINA
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 SAIAKINA
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 ggtq || busybox pkill -9 ggtq"
/bin/sh
-
/usr/bin/pkill
pkill -9 ggtq
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 ggtq
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 1378bfp919GRB1Q2 || busybox pkill -9 1378bfp919GRB1Q2"
/bin/sh
-
/usr/bin/pkill
pkill -9 1378bfp919GRB1Q2
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 1378bfp919GRB1Q2
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 SAIAKUSO || busybox pkill -9 SAIAKUSO"
/bin/sh
-
/usr/bin/pkill
pkill -9 SAIAKUSO
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 SAIAKUSO
There are 294 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://youtu.be/dQw4w9WgXcQ
unknown
http://linux-it.abuser.eu/yak.sh;
unknown
https://youtu.be/dQw4w9WgXcQNever
unknown

Domains

Name
IP
Malicious
daisy.ubuntu.com
162.213.35.24

IPs

IP
Domain
Country
Malicious
95.234.158.87
unknown
Italy
malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
7fa380039000
page execute read
 malicious
7fa380039000
page execute read
 malicious
55c0c486e000
page read and write
7fa485eb8000
page read and write
7ffe74bb8000
page execute read
7fa485f4a000
page read and write
7fa4862ac000
page read and write
7fa4862ac000
page read and write
7fa486517000
page read and write
7fa486517000
page read and write
55c0c4865000
page read and write
7ffe74a7c000
page read and write
7fa486b92000
page read and write
7fa486a69000
page read and write
55c0c74c8000
page read and write
7fa4856b0000
page read and write
7fa486888000
page read and write
7fa38004b000
page read and write
7fa480021000
page read and write
7fa485f4a000
page read and write
55c0c686c000
page execute and read and write
7fa48653a000
page read and write
7fa480021000
page read and write
7fa486bfb000
page read and write
55c0c74c8000
page read and write
55c0c6883000
page read and write
7fa486b92000
page read and write
7fa486bfb000
page read and write
7fa485eb8000
page read and write
7fa4856b0000
page read and write
7fa486a69000
page read and write
7fa38004b000
page read and write
7fa486bb6000
page read and write
7fa380042000
page read and write
55c0c4614000
page execute read
55c0c6883000
page read and write
7ffe74a7c000
page read and write
55c0c4865000
page read and write
7fa47ffff000
page read and write
7fa4866a6000
page read and write
7fa486bb6000
page read and write
55c0c4614000
page execute read
7fa47ffff000
page read and write
7fa48653a000
page read and write
55c0c486e000
page read and write
7ffe74bb8000
page execute read
7fa4866a6000
page read and write
55c0c686c000
page execute and read and write
7fa380042000
page read and write
7fa486888000
page read and write
There are 40 hidden memdumps, click here to show them.