Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
la.bot.m68k.elf
|
ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
|
initial sample
|
 |
|
|
/heavens.txt
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/la.bot.m68k.elf
|
/tmp/la.bot.m68k.elf
|
||
|
/tmp/la.bot.m68k.elf
|
-
|
||
|
/tmp/la.bot.m68k.elf
|
-
|
||
|
/tmp/la.bot.m68k.elf
|
-
|
||
|
/tmp/la.bot.m68k.elf
|
-
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.n6LgbTxjya /tmp/tmp.6XnFwrMLir /tmp/tmp.c1z0QrGuGe
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.n6LgbTxjya /tmp/tmp.6XnFwrMLir /tmp/tmp.c1z0QrGuGe
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http:///wget.sh
|
unknown
|
||
|
http:///curl.sh
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
222.139.186.153
|
unknown
|
China
|
||
|
27.213.48.123
|
unknown
|
China
|
||
|
82.43.150.116
|
unknown
|
United Kingdom
|
||
|
126.172.153.220
|
unknown
|
Japan
|
||
|
56.90.34.89
|
unknown
|
United States
|
||
|
87.154.32.99
|
unknown
|
Germany
|
||
|
82.152.28.44
|
unknown
|
United Kingdom
|
||
|
3.16.232.189
|
unknown
|
United States
|
||
|
68.51.15.126
|
unknown
|
United States
|
||
|
46.115.225.249
|
unknown
|
Germany
|
||
|
166.241.154.165
|
unknown
|
United States
|
||
|
154.171.203.207
|
unknown
|
Ghana
|
||
|
51.109.25.68
|
unknown
|
United Kingdom
|
||
|
85.251.33.81
|
unknown
|
Spain
|
||
|
44.168.122.158
|
unknown
|
United States
|
||
|
53.152.173.223
|
unknown
|
Germany
|
||
|
96.124.28.197
|
unknown
|
United States
|
||
|
134.109.173.52
|
unknown
|
Germany
|
||
|
188.84.175.177
|
unknown
|
Spain
|
||
|
34.60.153.33
|
unknown
|
United States
|
||
|
181.112.141.138
|
unknown
|
Ecuador
|
||
|
43.243.51.239
|
unknown
|
Hong Kong
|
||
|
156.98.111.36
|
unknown
|
United States
|
||
|
1.162.23.190
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
|
187.254.117.82
|
unknown
|
Mexico
|
||
|
149.199.228.147
|
unknown
|
United States
|
||
|
206.157.228.139
|
unknown
|
United States
|
||
|
4.209.22.140
|
unknown
|
United States
|
||
|
117.68.12.84
|
unknown
|
China
|
||
|
73.242.79.91
|
unknown
|
United States
|
||
|
58.117.122.212
|
unknown
|
China
|
||
|
128.79.5.213
|
unknown
|
France
|
||
|
152.239.32.199
|
unknown
|
Brazil
|
||
|
211.27.3.35
|
unknown
|
Australia
|
||
|
14.1.76.177
|
unknown
|
New Zealand
|
||
|
46.19.59.173
|
unknown
|
Germany
|
||
|
104.51.206.161
|
unknown
|
United States
|
||
|
31.223.75.172
|
unknown
|
Turkey
|
||
|
200.133.48.200
|
unknown
|
Brazil
|
||
|
103.74.155.121
|
unknown
|
China
|
||
|
113.111.205.11
|
unknown
|
China
|
||
|
66.190.144.227
|
unknown
|
United States
|
||
|
19.197.59.193
|
unknown
|
United States
|
||
|
25.104.155.5
|
unknown
|
United Kingdom
|
||
|
108.76.63.41
|
unknown
|
United States
|
||
|
35.164.85.159
|
unknown
|
United States
|
||
|
66.192.172.28
|
unknown
|
United States
|
||
|
75.29.133.122
|
unknown
|
United States
|
||
|
86.173.237.82
|
unknown
|
United Kingdom
|
||
|
119.239.141.238
|
unknown
|
Japan
|
||
|
114.237.76.23
|
unknown
|
China
|
||
|
190.48.172.74
|
unknown
|
Argentina
|
||
|
167.59.198.17
|
unknown
|
Uruguay
|
||
|
66.205.48.76
|
unknown
|
United States
|
||
|
183.226.71.150
|
unknown
|
China
|
||
|
21.63.221.45
|
unknown
|
United States
|
||
|
114.28.11.118
|
unknown
|
China
|
||
|
147.25.222.217
|
unknown
|
United States
|
||
|
164.127.51.30
|
unknown
|
Poland
|
||
|
33.219.170.29
|
unknown
|
United States
|
||
|
73.191.255.20
|
unknown
|
United States
|
||
|
210.212.150.124
|
unknown
|
India
|
||
|
38.152.70.6
|
unknown
|
United States
|
||
|
68.116.181.238
|
unknown
|
United States
|
||
|
167.248.45.66
|
unknown
|
United States
|
||
|
169.116.183.45
|
unknown
|
United States
|
||
|
138.90.192.101
|
unknown
|
United States
|
||
|
68.219.161.216
|
unknown
|
United States
|
||
|
175.155.99.61
|
unknown
|
China
|
||
|
58.37.209.144
|
unknown
|
China
|
||
|
168.112.65.133
|
unknown
|
United States
|
||
|
183.88.205.205
|
unknown
|
Thailand
|
||
|
218.64.189.67
|
unknown
|
China
|
||
|
126.100.148.251
|
unknown
|
Japan
|
||
|
175.160.244.102
|
unknown
|
China
|
||
|
8.12.124.65
|
unknown
|
United States
|
||
|
118.51.62.98
|
unknown
|
Korea Republic of
|
||
|
60.124.193.23
|
unknown
|
Japan
|
||
|
75.98.207.17
|
unknown
|
Canada
|
||
|
145.3.180.250
|
unknown
|
Netherlands
|
||
|
208.62.233.89
|
unknown
|
United States
|
||
|
144.131.173.62
|
unknown
|
Australia
|
||
|
162.48.192.235
|
unknown
|
United States
|
||
|
147.154.139.188
|
unknown
|
United States
|
||
|
115.41.83.125
|
unknown
|
Korea Republic of
|
||
|
169.88.234.89
|
unknown
|
United States
|
||
|
123.95.92.231
|
unknown
|
China
|
||
|
125.214.167.118
|
unknown
|
Sri Lanka
|
||
|
167.248.223.244
|
unknown
|
United States
|
||
|
196.144.27.97
|
unknown
|
Egypt
|
||
|
128.12.177.151
|
unknown
|
United States
|
||
|
220.241.31.128
|
unknown
|
Hong Kong
|
||
|
137.62.200.53
|
unknown
|
Switzerland
|
||
|
182.82.80.80
|
unknown
|
China
|
||
|
70.222.117.108
|
unknown
|
United States
|
||
|
204.228.201.165
|
unknown
|
United States
|
||
|
72.223.228.187
|
unknown
|
United States
|
||
|
20.192.229.76
|
unknown
|
United States
|
||
|
166.157.52.53
|
unknown
|
United States
|
||
|
59.60.138.133
|
unknown
|
China
|
There are 90 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7f5548018000
|
page execute read
|
|
||
|
7f55d03d1000
|
page read and write
|
|||
|
7f55c8000000
|
page read and write
|
|||
|
7f55cff55000
|
page read and write
|
|||
|
7f55cf8d1000
|
page read and write
|
|||
|
7f55cf0ce000
|
page read and write
|
|||
|
7f55cf8df000
|
page read and write
|
|||
|
7f55d03c9000
|
page read and write
|
|||
|
5644390a6000
|
page read and write
|
|||
|
564435868000
|
page execute read
|
|||
|
7f55d0416000
|
page read and write
|
|||
|
7f5548023000
|
page read and write
|
|||
|
7f55c8021000
|
page read and write
|
|||
|
7ffe435e5000
|
page execute read
|
|||
|
564437aa0000
|
page execute and read and write
|
|||
|
564435aa2000
|
page read and write
|
|||
|
7f55cfb6e000
|
page read and write
|
|||
|
564437b37000
|
page read and write
|
|||
|
7ffe43555000
|
page read and write
|
|||
|
564435a9a000
|
page read and write
|
|||
|
7f55d02a0000
|
page read and write
|
|||
|
7f554801a000
|
page read and write
|
|||
|
7f55cff30000
|
page read and write
|
There are 13 hidden memdumps, click here to show them.