Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
mips.nn.elf
|
ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
|
initial sample
|
 |
|
|
/etc/motd
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.zlEnOZ (deleted)
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/mips.nn.elf
|
/tmp/mips.nn.elf
|
||
|
/tmp/mips.nn.elf
|
-
|
||
|
/tmp/mips.nn.elf
|
-
|
||
|
/tmp/mips.nn.elf
|
-
|
||
|
/tmp/mips.nn.elf
|
-
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
|
||
|
/usr/libexec/gsd-housekeeping
|
/usr/libexec/gsd-housekeeping
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://94.156.227.233/curl.sh
|
unknown
|
||
|
http://94.156.227.233/lol.sh
|
unknown
|
||
|
http://94.156.227.233/oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/s
|
unknown
|
||
|
http://94.156.227.233/
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
114.171.214.248
|
unknown
|
Japan
|
||
|
123.238.41.160
|
unknown
|
India
|
||
|
46.235.136.66
|
unknown
|
Italy
|
||
|
162.16.207.15
|
unknown
|
United States
|
||
|
25.95.13.157
|
unknown
|
United Kingdom
|
||
|
79.230.205.174
|
unknown
|
Germany
|
||
|
106.171.143.33
|
unknown
|
Japan
|
||
|
92.103.218.129
|
unknown
|
France
|
||
|
131.47.77.23
|
unknown
|
United States
|
||
|
176.158.31.11
|
unknown
|
France
|
||
|
16.92.248.169
|
unknown
|
United States
|
||
|
187.205.15.107
|
unknown
|
Mexico
|
||
|
73.158.5.250
|
unknown
|
United States
|
||
|
124.46.93.136
|
unknown
|
Korea Republic of
|
||
|
207.73.92.61
|
unknown
|
United States
|
||
|
193.0.152.73
|
unknown
|
Russian Federation
|
||
|
158.22.228.197
|
unknown
|
United States
|
||
|
185.204.137.224
|
unknown
|
Ireland
|
||
|
212.138.90.110
|
unknown
|
Saudi Arabia
|
||
|
38.116.126.9
|
unknown
|
United States
|
||
|
89.234.28.7
|
unknown
|
United Kingdom
|
||
|
175.235.81.175
|
unknown
|
Korea Republic of
|
||
|
198.185.241.102
|
unknown
|
United States
|
||
|
40.4.203.143
|
unknown
|
United States
|
||
|
173.255.36.239
|
unknown
|
United States
|
||
|
85.71.211.239
|
unknown
|
Czech Republic
|
||
|
179.225.107.21
|
unknown
|
Brazil
|
||
|
21.127.118.106
|
unknown
|
United States
|
||
|
134.49.149.213
|
unknown
|
United States
|
||
|
194.89.26.187
|
unknown
|
Finland
|
||
|
37.0.114.158
|
unknown
|
Germany
|
||
|
148.221.95.25
|
unknown
|
Mexico
|
||
|
100.61.74.33
|
unknown
|
United States
|
||
|
142.188.170.28
|
unknown
|
Canada
|
||
|
207.194.51.58
|
unknown
|
Canada
|
||
|
38.177.215.166
|
unknown
|
United States
|
||
|
57.41.27.141
|
unknown
|
Belgium
|
||
|
197.89.53.21
|
unknown
|
South Africa
|
||
|
158.20.103.146
|
unknown
|
United States
|
||
|
60.239.176.88
|
unknown
|
Japan
|
||
|
88.119.98.42
|
unknown
|
Lithuania
|
||
|
79.133.33.157
|
unknown
|
Germany
|
||
|
81.186.24.135
|
unknown
|
Greece
|
||
|
215.177.131.37
|
unknown
|
United States
|
||
|
144.90.147.91
|
unknown
|
United States
|
||
|
92.221.125.208
|
unknown
|
Norway
|
||
|
122.3.67.242
|
unknown
|
Philippines
|
||
|
82.190.169.163
|
unknown
|
Italy
|
||
|
36.220.67.2
|
unknown
|
China
|
||
|
180.219.174.220
|
unknown
|
Hong Kong
|
||
|
129.76.65.112
|
unknown
|
United States
|
||
|
173.104.161.185
|
unknown
|
United States
|
||
|
12.244.58.105
|
unknown
|
United States
|
||
|
178.135.97.139
|
unknown
|
Lebanon
|
||
|
215.3.75.75
|
unknown
|
United States
|
||
|
65.185.252.214
|
unknown
|
United States
|
||
|
46.62.214.21
|
unknown
|
Iran (ISLAMIC Republic Of)
|
||
|
22.240.106.198
|
unknown
|
United States
|
||
|
12.12.27.70
|
unknown
|
United States
|
||
|
186.116.34.231
|
unknown
|
Colombia
|
||
|
158.211.143.99
|
unknown
|
Japan
|
||
|
12.138.17.22
|
unknown
|
United States
|
||
|
89.110.32.213
|
unknown
|
Russian Federation
|
||
|
119.250.63.90
|
unknown
|
China
|
||
|
186.52.142.205
|
unknown
|
Uruguay
|
||
|
222.90.52.105
|
unknown
|
China
|
||
|
221.141.199.204
|
unknown
|
Korea Republic of
|
||
|
192.47.235.205
|
unknown
|
Japan
|
||
|
193.42.34.225
|
unknown
|
Germany
|
||
|
46.196.44.254
|
unknown
|
Turkey
|
||
|
37.151.174.83
|
unknown
|
Kazakhstan
|
||
|
155.145.125.114
|
unknown
|
United Kingdom
|
||
|
49.252.15.30
|
unknown
|
Japan
|
||
|
99.29.22.148
|
unknown
|
United States
|
||
|
141.132.77.8
|
unknown
|
Australia
|
||
|
186.216.174.221
|
unknown
|
Brazil
|
||
|
153.242.20.149
|
unknown
|
Japan
|
||
|
182.96.202.150
|
unknown
|
China
|
||
|
209.50.30.196
|
unknown
|
United States
|
||
|
93.37.49.195
|
unknown
|
Italy
|
||
|
215.235.57.72
|
unknown
|
United States
|
||
|
132.15.117.214
|
unknown
|
United States
|
||
|
165.95.81.150
|
unknown
|
United States
|
||
|
202.145.152.143
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
|
44.194.239.200
|
unknown
|
United States
|
||
|
203.42.234.208
|
unknown
|
Australia
|
||
|
202.212.151.129
|
unknown
|
Japan
|
||
|
52.151.73.99
|
unknown
|
United States
|
||
|
144.26.145.231
|
unknown
|
United States
|
||
|
1.235.239.80
|
unknown
|
Korea Republic of
|
||
|
81.235.23.99
|
unknown
|
Sweden
|
||
|
198.109.38.100
|
unknown
|
United States
|
||
|
125.148.154.29
|
unknown
|
Korea Republic of
|
||
|
215.179.148.91
|
unknown
|
United States
|
||
|
8.45.209.183
|
unknown
|
United States
|
||
|
38.98.109.142
|
unknown
|
United States
|
||
|
20.181.7.34
|
unknown
|
United States
|
||
|
171.93.229.84
|
unknown
|
China
|
||
|
204.208.92.154
|
unknown
|
United States
|
||
|
11.120.224.250
|
unknown
|
United States
|
There are 90 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7fa4d0420000
|
page execute read
|
|
||
|
55c019d07000
|
page execute read
|
|||
|
7fa557937000
|
page read and write
|
|||
|
7fa4d0461000
|
page read and write
|
|||
|
7ffdbdbca000
|
page execute read
|
|||
|
7fa550000000
|
page read and write
|
|||
|
55c01bf97000
|
page execute and read and write
|
|||
|
7fa5572af000
|
page read and write
|
|||
|
7fa556c1e000
|
page read and write
|
|||
|
55c019f99000
|
page read and write
|
|||
|
7fa5578f2000
|
page read and write
|
|||
|
55c01bfae000
|
page read and write
|
|||
|
7fa556c10000
|
page read and write
|
|||
|
7fa557292000
|
page read and write
|
|||
|
7fa55726f000
|
page read and write
|
|||
|
7fa5575e0000
|
page read and write
|
|||
|
7fa550021000
|
page read and write
|
|||
|
55c01d248000
|
page read and write
|
|||
|
55c019f8f000
|
page read and write
|
|||
|
7fa5577c1000
|
page read and write
|
|||
|
7fa556ece000
|
page read and write
|
|||
|
7fa556408000
|
page read and write
|
|||
|
7ffdbdb9c000
|
page read and write
|
|||
|
7fa4d0466000
|
page read and write
|
|||
|
7fa5578ea000
|
page read and write
|
There are 15 hidden memdumps, click here to show them.