Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
mips.nn.elf
|
ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
|
initial sample
|
 |
|
|
/etc/motd
|
ASCII text
|
dropped
|
||
|
/run/user/127/dconf/user
|
very short file (no magic)
|
dropped
|
||
|
/tmp/qemu-open.k8PTfW (deleted)
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.o3bRZX6L21 /tmp/tmp.OVeJZ0pFVr /tmp/tmp.cHcfetuI9Q
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.o3bRZX6L21 /tmp/tmp.OVeJZ0pFVr /tmp/tmp.cHcfetuI9Q
|
||
|
/tmp/mips.nn.elf
|
/tmp/mips.nn.elf
|
||
|
/tmp/mips.nn.elf
|
-
|
||
|
/tmp/mips.nn.elf
|
-
|
||
|
/tmp/mips.nn.elf
|
-
|
||
|
/tmp/mips.nn.elf
|
-
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
|
||
|
/usr/libexec/gsd-housekeeping
|
/usr/libexec/gsd-housekeeping
|
||
|
/usr/sbin/gdm3
|
-
|
||
|
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
||
|
/usr/sbin/gdm3
|
-
|
||
|
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
There are 16 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://94.156.227.233/curl.sh
|
unknown
|
||
|
http://94.156.227.233/lol.sh
|
unknown
|
||
|
http://94.156.227.233/oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/s
|
unknown
|
||
|
http://94.156.227.233/
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
80.20.251.35
|
unknown
|
Italy
|
||
|
199.33.91.211
|
unknown
|
United States
|
||
|
112.34.164.39
|
unknown
|
China
|
||
|
50.186.103.47
|
unknown
|
United States
|
||
|
44.196.56.35
|
unknown
|
United States
|
||
|
5.167.84.140
|
unknown
|
Russian Federation
|
||
|
53.162.217.84
|
unknown
|
Germany
|
||
|
66.32.133.84
|
unknown
|
United States
|
||
|
93.188.61.45
|
unknown
|
Germany
|
||
|
66.189.182.25
|
unknown
|
United States
|
||
|
77.229.73.107
|
unknown
|
Spain
|
||
|
42.114.227.101
|
unknown
|
Viet Nam
|
||
|
154.73.42.114
|
unknown
|
Burundi
|
||
|
93.34.49.163
|
unknown
|
Italy
|
||
|
183.49.30.84
|
unknown
|
China
|
||
|
184.102.186.248
|
unknown
|
United States
|
||
|
165.155.3.157
|
unknown
|
United States
|
||
|
139.248.114.140
|
unknown
|
United States
|
||
|
201.196.133.232
|
unknown
|
Costa Rica
|
||
|
50.113.71.250
|
unknown
|
United States
|
||
|
35.106.18.199
|
unknown
|
United States
|
||
|
171.44.120.214
|
unknown
|
China
|
||
|
92.76.34.63
|
unknown
|
Germany
|
||
|
92.111.0.31
|
unknown
|
Netherlands
|
||
|
156.238.182.250
|
unknown
|
Seychelles
|
||
|
100.206.75.197
|
unknown
|
United States
|
||
|
49.134.114.82
|
unknown
|
Japan
|
||
|
65.107.173.58
|
unknown
|
United States
|
||
|
29.224.224.80
|
unknown
|
United States
|
||
|
112.122.96.206
|
unknown
|
China
|
||
|
214.65.182.98
|
unknown
|
United States
|
||
|
87.45.27.239
|
unknown
|
Ireland
|
||
|
159.74.151.221
|
unknown
|
United States
|
||
|
163.104.0.47
|
unknown
|
France
|
||
|
9.23.221.175
|
unknown
|
United States
|
||
|
86.201.162.128
|
unknown
|
France
|
||
|
144.230.123.206
|
unknown
|
United States
|
||
|
35.95.48.57
|
unknown
|
United States
|
||
|
120.66.50.222
|
unknown
|
China
|
||
|
189.140.197.122
|
unknown
|
Mexico
|
||
|
170.58.72.209
|
unknown
|
United States
|
||
|
80.41.244.53
|
unknown
|
United Kingdom
|
||
|
89.207.163.116
|
unknown
|
United Kingdom
|
||
|
11.205.241.8
|
unknown
|
United States
|
||
|
189.223.99.250
|
unknown
|
Mexico
|
||
|
33.93.52.235
|
unknown
|
United States
|
||
|
62.27.242.24
|
unknown
|
Germany
|
||
|
67.26.29.198
|
unknown
|
United States
|
||
|
149.88.233.72
|
unknown
|
United States
|
||
|
56.105.89.126
|
unknown
|
United States
|
||
|
90.18.89.129
|
unknown
|
France
|
||
|
65.35.223.21
|
unknown
|
United States
|
||
|
212.145.61.2
|
unknown
|
Spain
|
||
|
24.67.172.61
|
unknown
|
Canada
|
||
|
20.2.126.238
|
unknown
|
United States
|
||
|
173.113.165.31
|
unknown
|
United States
|
||
|
172.69.220.163
|
unknown
|
United States
|
||
|
218.137.190.230
|
unknown
|
Japan
|
||
|
11.203.96.173
|
unknown
|
United States
|
||
|
2.235.85.103
|
unknown
|
Italy
|
||
|
95.45.185.110
|
unknown
|
Ireland
|
||
|
22.120.195.16
|
unknown
|
United States
|
||
|
81.114.163.184
|
unknown
|
Italy
|
||
|
163.194.100.31
|
unknown
|
United States
|
||
|
39.179.160.91
|
unknown
|
China
|
||
|
94.29.105.204
|
unknown
|
Russian Federation
|
||
|
40.241.25.11
|
unknown
|
United States
|
||
|
89.204.234.3
|
unknown
|
Ireland
|
||
|
89.182.61.56
|
unknown
|
Germany
|
||
|
149.208.161.153
|
unknown
|
Germany
|
||
|
118.13.59.39
|
unknown
|
Japan
|
||
|
90.96.228.65
|
unknown
|
France
|
||
|
133.239.218.48
|
unknown
|
Japan
|
||
|
34.234.163.42
|
unknown
|
United States
|
||
|
95.209.80.190
|
unknown
|
Sweden
|
||
|
135.195.20.22
|
unknown
|
United States
|
||
|
64.123.213.208
|
unknown
|
United States
|
||
|
34.221.123.182
|
unknown
|
United States
|
||
|
138.197.23.254
|
unknown
|
United States
|
||
|
204.227.22.169
|
unknown
|
United States
|
||
|
206.196.203.37
|
unknown
|
United States
|
||
|
72.130.125.79
|
unknown
|
United States
|
||
|
131.96.101.245
|
unknown
|
United States
|
||
|
208.180.136.89
|
unknown
|
United States
|
||
|
125.49.4.127
|
unknown
|
Japan
|
||
|
198.54.204.110
|
unknown
|
South Africa
|
||
|
25.111.239.190
|
unknown
|
United Kingdom
|
||
|
65.207.215.74
|
unknown
|
United States
|
||
|
153.129.67.198
|
unknown
|
Japan
|
||
|
70.17.105.63
|
unknown
|
United States
|
||
|
188.73.76.37
|
unknown
|
Germany
|
||
|
162.83.183.80
|
unknown
|
United States
|
||
|
105.3.224.137
|
unknown
|
South Africa
|
||
|
34.56.102.224
|
unknown
|
United States
|
||
|
155.33.150.107
|
unknown
|
United States
|
||
|
150.181.79.3
|
unknown
|
United States
|
||
|
137.149.229.66
|
unknown
|
Canada
|
||
|
23.211.121.53
|
unknown
|
United States
|
||
|
121.153.77.52
|
unknown
|
Korea Republic of
|
||
|
169.154.31.115
|
unknown
|
United States
|
There are 90 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7f8e60421000
|
page execute read
|
|
||
|
7f8ee6dc7000
|
page read and write
|
|||
|
7f8ee6776000
|
page read and write
|
|||
|
7f8e60467000
|
page read and write
|
|||
|
562b2dae5000
|
page read and write
|
|||
|
7f8ee5f60000
|
page read and write
|
|||
|
562b2bad0000
|
page read and write
|
|||
|
7f8ee7442000
|
page read and write
|
|||
|
7ffce1fbf000
|
page read and write
|
|||
|
562b2b83e000
|
page execute read
|
|||
|
7f8ee7319000
|
page read and write
|
|||
|
7f8ee0021000
|
page read and write
|
|||
|
7ffce1fc9000
|
page execute read
|
|||
|
7f8ee6e07000
|
page read and write
|
|||
|
7f8ee6768000
|
page read and write
|
|||
|
562b2bac6000
|
page read and write
|
|||
|
7f8ee744a000
|
page read and write
|
|||
|
7f8ee7138000
|
page read and write
|
|||
|
7f8ee6dea000
|
page read and write
|
|||
|
7f8ee0000000
|
page read and write
|
|||
|
7f8ee6a26000
|
page read and write
|
|||
|
7f8ee748f000
|
page read and write
|
|||
|
7f8e60462000
|
page read and write
|
|||
|
562b2f24c000
|
page read and write
|
|||
|
562b2dace000
|
page execute and read and write
|
There are 15 hidden memdumps, click here to show them.