Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
arm5.nn-20241218-0633.elf
|
ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
|
initial sample
|
 |
|
|
/etc/motd
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.Lb1GCE (deleted)
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.2Vk4GHUvv3 /tmp/tmp.AyMCUiGuNP /tmp/tmp.0eZyUHHcgu
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.2Vk4GHUvv3 /tmp/tmp.AyMCUiGuNP /tmp/tmp.0eZyUHHcgu
|
||
|
/tmp/arm5.nn-20241218-0633.elf
|
/tmp/arm5.nn-20241218-0633.elf
|
||
|
/tmp/arm5.nn-20241218-0633.elf
|
-
|
||
|
/tmp/arm5.nn-20241218-0633.elf
|
-
|
||
|
/tmp/arm5.nn-20241218-0633.elf
|
-
|
||
|
/tmp/arm5.nn-20241218-0633.elf
|
-
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
|
||
|
/usr/libexec/gsd-housekeeping
|
/usr/libexec/gsd-housekeeping
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
There are 12 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://94.156.227.233/curl.sh
|
unknown
|
||
|
http://94.156.227.233/lol.sh
|
unknown
|
||
|
http://94.156.227.233/oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/s
|
unknown
|
||
|
http://94.156.227.233/
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
15.157.206.185
|
unknown
|
United States
|
||
|
155.190.105.235
|
unknown
|
Netherlands
|
||
|
164.35.51.211
|
unknown
|
Belgium
|
||
|
40.222.127.195
|
unknown
|
United States
|
||
|
40.1.165.90
|
unknown
|
United States
|
||
|
153.122.122.184
|
unknown
|
Japan
|
||
|
61.14.205.143
|
unknown
|
India
|
||
|
207.67.91.54
|
unknown
|
United States
|
||
|
103.143.208.58
|
unknown
|
Viet Nam
|
||
|
105.158.78.210
|
unknown
|
Morocco
|
||
|
128.66.90.39
|
unknown
|
Italy
|
||
|
181.183.175.74
|
unknown
|
Venezuela
|
||
|
113.13.84.34
|
unknown
|
China
|
||
|
111.206.47.61
|
unknown
|
China
|
||
|
148.250.47.5
|
unknown
|
Mexico
|
||
|
183.169.48.230
|
unknown
|
China
|
||
|
220.109.229.200
|
unknown
|
Japan
|
||
|
114.74.255.223
|
unknown
|
Australia
|
||
|
97.67.71.162
|
unknown
|
United States
|
||
|
123.41.174.130
|
unknown
|
Korea Republic of
|
||
|
159.156.48.202
|
unknown
|
Switzerland
|
||
|
112.32.29.51
|
unknown
|
China
|
||
|
120.196.43.25
|
unknown
|
China
|
||
|
39.241.4.20
|
unknown
|
Indonesia
|
||
|
79.34.169.131
|
unknown
|
Italy
|
||
|
106.108.224.219
|
unknown
|
China
|
||
|
94.27.2.107
|
unknown
|
Ukraine
|
||
|
33.71.230.164
|
unknown
|
United States
|
||
|
22.4.220.86
|
unknown
|
United States
|
||
|
218.118.11.201
|
unknown
|
Japan
|
||
|
210.168.244.162
|
unknown
|
Japan
|
||
|
60.216.14.26
|
unknown
|
China
|
||
|
163.27.95.84
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
|
173.135.10.184
|
unknown
|
United States
|
||
|
37.44.196.174
|
unknown
|
Russian Federation
|
||
|
14.177.224.114
|
unknown
|
Viet Nam
|
||
|
95.131.78.148
|
unknown
|
Russian Federation
|
||
|
18.40.70.108
|
unknown
|
United States
|
||
|
151.17.74.40
|
unknown
|
Italy
|
||
|
83.195.166.18
|
unknown
|
France
|
||
|
204.208.17.206
|
unknown
|
United States
|
||
|
155.31.220.224
|
unknown
|
United States
|
||
|
91.162.44.227
|
unknown
|
France
|
||
|
26.69.120.206
|
unknown
|
United States
|
||
|
131.29.217.221
|
unknown
|
United States
|
||
|
148.133.136.251
|
unknown
|
United States
|
||
|
17.192.105.73
|
unknown
|
United States
|
||
|
217.36.158.157
|
unknown
|
United Kingdom
|
||
|
138.222.188.250
|
unknown
|
Switzerland
|
||
|
17.157.67.104
|
unknown
|
United States
|
||
|
109.154.252.158
|
unknown
|
United Kingdom
|
||
|
140.167.74.158
|
unknown
|
Canada
|
||
|
55.106.253.168
|
unknown
|
United States
|
||
|
87.149.9.130
|
unknown
|
Germany
|
||
|
140.183.143.218
|
unknown
|
United States
|
||
|
16.207.88.180
|
unknown
|
United States
|
||
|
204.51.124.162
|
unknown
|
United States
|
||
|
212.90.254.134
|
unknown
|
Czech Republic
|
||
|
114.97.146.113
|
unknown
|
China
|
||
|
56.58.95.82
|
unknown
|
United States
|
||
|
135.145.118.150
|
unknown
|
United States
|
||
|
156.183.7.142
|
unknown
|
Egypt
|
||
|
66.182.204.117
|
unknown
|
United States
|
||
|
214.93.142.185
|
unknown
|
United States
|
||
|
162.175.43.176
|
unknown
|
United States
|
||
|
48.55.16.11
|
unknown
|
United States
|
||
|
59.63.145.177
|
unknown
|
China
|
||
|
220.123.218.34
|
unknown
|
Korea Republic of
|
||
|
87.42.38.223
|
unknown
|
Ireland
|
||
|
173.46.131.236
|
unknown
|
United States
|
||
|
82.231.152.180
|
unknown
|
France
|
||
|
93.246.187.209
|
unknown
|
Germany
|
||
|
50.21.101.99
|
unknown
|
United States
|
||
|
60.220.10.238
|
unknown
|
China
|
||
|
200.79.141.155
|
unknown
|
Mexico
|
||
|
49.68.231.143
|
unknown
|
China
|
||
|
119.70.200.0
|
unknown
|
Korea Republic of
|
||
|
97.221.104.163
|
unknown
|
United States
|
||
|
141.61.24.32
|
unknown
|
Germany
|
||
|
34.65.20.112
|
unknown
|
United States
|
||
|
145.51.240.33
|
unknown
|
Netherlands
|
||
|
184.183.159.148
|
unknown
|
United States
|
||
|
158.97.33.46
|
unknown
|
Mexico
|
||
|
110.162.74.168
|
unknown
|
Japan
|
||
|
134.179.57.223
|
unknown
|
United States
|
||
|
103.164.226.56
|
unknown
|
unknown
|
||
|
74.19.59.248
|
unknown
|
United States
|
||
|
32.224.145.220
|
unknown
|
United States
|
||
|
152.22.206.134
|
unknown
|
United States
|
||
|
156.226.203.160
|
unknown
|
Seychelles
|
||
|
135.254.221.60
|
unknown
|
United States
|
||
|
56.3.220.202
|
unknown
|
United States
|
||
|
66.98.194.87
|
unknown
|
United States
|
||
|
136.148.214.22
|
unknown
|
United Kingdom
|
||
|
35.105.190.38
|
unknown
|
United States
|
||
|
49.226.56.203
|
unknown
|
New Zealand
|
||
|
222.61.248.29
|
unknown
|
China
|
||
|
80.31.14.153
|
unknown
|
Spain
|
||
|
200.80.229.78
|
unknown
|
Argentina
|
||
|
41.132.12.178
|
unknown
|
South Africa
|
There are 90 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7fe574031000
|
page execute read
|
|
||
|
7fe67afa2000
|
page read and write
|
|||
|
7fe67a94a000
|
page read and write
|
|||
|
7fe67a6bc000
|
page read and write
|
|||
|
55c5e5e28000
|
page read and write
|
|||
|
55c5e3d6e000
|
page read and write
|
|||
|
7fe67ae79000
|
page read and write
|
|||
|
7ffe1f4f0000
|
page read and write
|
|||
|
7ffe1f590000
|
page execute read
|
|||
|
55c5e1d50000
|
page read and write
|
|||
|
7fe679ac0000
|
page read and write
|
|||
|
55c5e1d59000
|
page read and write
|
|||
|
7fe67ac98000
|
page read and write
|
|||
|
7fe67aab6000
|
page read and write
|
|||
|
7fe67a35a000
|
page read and write
|
|||
|
7fe674021000
|
page read and write
|
|||
|
7fe67afc6000
|
page read and write
|
|||
|
7fe673fff000
|
page read and write
|
|||
|
7fe57403e000
|
page read and write
|
|||
|
55c5e1aff000
|
page execute read
|
|||
|
55c5e3d57000
|
page execute and read and write
|
|||
|
7fe67a927000
|
page read and write
|
|||
|
7fe67a2c8000
|
page read and write
|
|||
|
7fe574039000
|
page read and write
|
|||
|
7fe67b00b000
|
page read and write
|
There are 15 hidden memdumps, click here to show them.