Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
powerpc.nn.elf
|
ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, stripped
|
initial sample
|
 |
|
|
/etc/motd
|
ASCII text
|
dropped
|
||
|
/tmp/qemu-open.C2FRG2 (deleted)
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/powerpc.nn.elf
|
/tmp/powerpc.nn.elf
|
||
|
/tmp/powerpc.nn.elf
|
-
|
||
|
/tmp/powerpc.nn.elf
|
-
|
||
|
/tmp/powerpc.nn.elf
|
-
|
||
|
/tmp/powerpc.nn.elf
|
-
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
|
||
|
/usr/libexec/gsd-housekeeping
|
/usr/libexec/gsd-housekeeping
|
||
|
/usr/lib/udisks2/udisksd
|
-
|
||
|
/usr/sbin/dumpe2fs
|
dumpe2fs -h /dev/dm-0
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://94.156.227.233/curl.sh
|
unknown
|
||
|
http://94.156.227.233/lol.sh
|
unknown
|
||
|
http://94.156.227.233/oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/s
|
unknown
|
||
|
http://94.156.227.233/
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
57.93.240.230
|
unknown
|
Belgium
|
||
|
174.86.228.109
|
unknown
|
United States
|
||
|
123.215.70.2
|
unknown
|
Korea Republic of
|
||
|
155.93.255.77
|
unknown
|
South Africa
|
||
|
167.127.156.191
|
unknown
|
United States
|
||
|
115.233.229.115
|
unknown
|
China
|
||
|
143.197.251.29
|
unknown
|
United States
|
||
|
132.236.165.170
|
unknown
|
United States
|
||
|
60.124.155.239
|
unknown
|
Japan
|
||
|
173.230.114.253
|
unknown
|
United States
|
||
|
204.218.209.99
|
unknown
|
United States
|
||
|
24.33.244.251
|
unknown
|
United States
|
||
|
206.241.253.108
|
unknown
|
United States
|
||
|
162.244.19.163
|
unknown
|
Puerto Rico
|
||
|
96.20.21.92
|
unknown
|
Canada
|
||
|
181.197.213.59
|
unknown
|
Argentina
|
||
|
50.32.160.230
|
unknown
|
United States
|
||
|
9.16.210.33
|
unknown
|
United States
|
||
|
26.22.131.229
|
unknown
|
United States
|
||
|
36.251.31.20
|
unknown
|
China
|
||
|
154.239.244.120
|
unknown
|
Egypt
|
||
|
172.77.21.8
|
unknown
|
United States
|
||
|
109.12.96.251
|
unknown
|
France
|
||
|
32.236.165.253
|
unknown
|
United States
|
||
|
196.161.49.203
|
unknown
|
South Africa
|
||
|
54.113.117.5
|
unknown
|
United States
|
||
|
171.143.144.129
|
unknown
|
United States
|
||
|
142.49.7.60
|
unknown
|
Canada
|
||
|
202.200.99.76
|
unknown
|
China
|
||
|
130.255.163.184
|
unknown
|
Sweden
|
||
|
89.168.49.86
|
unknown
|
United Kingdom
|
||
|
26.211.112.248
|
unknown
|
United States
|
||
|
207.80.173.162
|
unknown
|
United States
|
||
|
11.232.114.153
|
unknown
|
United States
|
||
|
8.3.64.196
|
unknown
|
United States
|
||
|
177.150.122.167
|
unknown
|
Brazil
|
||
|
118.236.35.54
|
unknown
|
Japan
|
||
|
116.166.224.246
|
unknown
|
China
|
||
|
176.124.126.95
|
unknown
|
Russian Federation
|
||
|
32.149.40.92
|
unknown
|
United States
|
||
|
144.55.249.243
|
unknown
|
Australia
|
||
|
102.124.109.204
|
unknown
|
Sudan
|
||
|
159.2.244.171
|
unknown
|
Canada
|
||
|
113.125.11.202
|
unknown
|
China
|
||
|
182.77.130.161
|
unknown
|
India
|
||
|
12.80.215.47
|
unknown
|
United States
|
||
|
31.98.23.240
|
unknown
|
United Kingdom
|
||
|
170.246.228.237
|
unknown
|
Brazil
|
||
|
104.69.129.71
|
unknown
|
United States
|
||
|
91.72.140.167
|
unknown
|
United Arab Emirates
|
||
|
75.100.147.162
|
unknown
|
United States
|
||
|
49.102.62.108
|
unknown
|
Japan
|
||
|
95.233.212.163
|
unknown
|
Italy
|
||
|
63.249.159.170
|
unknown
|
United States
|
||
|
182.254.100.245
|
unknown
|
China
|
||
|
209.71.42.189
|
unknown
|
United States
|
||
|
83.25.18.112
|
unknown
|
Poland
|
||
|
124.221.209.171
|
unknown
|
China
|
||
|
85.176.213.38
|
unknown
|
Germany
|
||
|
135.173.89.193
|
unknown
|
United States
|
||
|
118.190.109.13
|
unknown
|
China
|
||
|
50.77.99.245
|
unknown
|
United States
|
||
|
169.100.31.34
|
unknown
|
United States
|
||
|
126.196.139.144
|
unknown
|
Japan
|
||
|
179.204.123.125
|
unknown
|
Brazil
|
||
|
147.226.242.15
|
unknown
|
United States
|
||
|
145.189.194.185
|
unknown
|
Netherlands
|
||
|
176.133.0.50
|
unknown
|
France
|
||
|
223.147.130.102
|
unknown
|
China
|
||
|
83.69.164.233
|
unknown
|
Russian Federation
|
||
|
202.72.179.118
|
unknown
|
Australia
|
||
|
184.188.248.223
|
unknown
|
United States
|
||
|
63.193.123.199
|
unknown
|
United States
|
||
|
188.137.36.53
|
unknown
|
Poland
|
||
|
61.71.181.186
|
unknown
|
Taiwan; Republic of China (ROC)
|
||
|
189.84.229.193
|
unknown
|
Brazil
|
||
|
13.248.254.187
|
unknown
|
United States
|
||
|
76.99.10.128
|
unknown
|
United States
|
||
|
190.147.150.241
|
unknown
|
Colombia
|
||
|
31.167.38.227
|
unknown
|
Saudi Arabia
|
||
|
187.125.247.165
|
unknown
|
Brazil
|
||
|
29.71.199.53
|
unknown
|
United States
|
||
|
60.96.16.77
|
unknown
|
Japan
|
||
|
45.220.18.240
|
unknown
|
South Africa
|
||
|
64.252.131.125
|
unknown
|
United States
|
||
|
175.246.6.189
|
unknown
|
Korea Republic of
|
||
|
151.130.248.22
|
unknown
|
Australia
|
||
|
93.127.133.167
|
unknown
|
Germany
|
||
|
194.76.136.32
|
unknown
|
Latvia
|
||
|
219.66.94.237
|
unknown
|
Japan
|
||
|
185.144.208.79
|
unknown
|
Spain
|
||
|
162.247.244.127
|
unknown
|
United States
|
||
|
222.239.70.223
|
unknown
|
Korea Republic of
|
||
|
128.111.77.51
|
unknown
|
United States
|
||
|
211.86.233.111
|
unknown
|
China
|
||
|
63.43.78.67
|
unknown
|
United States
|
||
|
133.0.107.124
|
unknown
|
Japan
|
||
|
206.187.126.86
|
unknown
|
United States
|
||
|
133.71.4.163
|
unknown
|
Japan
|
||
|
72.132.185.181
|
unknown
|
United States
|
There are 90 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7fb03801b000
|
page execute read
|
|
||
|
7fb12ee8c000
|
page read and write
|
|||
|
7fb12f9d1000
|
page read and write
|
|||
|
562ce3162000
|
page read and write
|
|||
|
7fb12f85b000
|
page read and write
|
|||
|
562ce517e000
|
page read and write
|
|||
|
562ce2edf000
|
page execute read
|
|||
|
7ffcb3052000
|
page read and write
|
|||
|
7fb12f510000
|
page read and write
|
|||
|
7fb12f129000
|
page read and write
|
|||
|
562ce6932000
|
page read and write
|
|||
|
7ffcb30cf000
|
page execute read
|
|||
|
7fb038030000
|
page read and write
|
|||
|
562ce316a000
|
page read and write
|
|||
|
7fb128000000
|
page read and write
|
|||
|
7fb12f98c000
|
page read and write
|
|||
|
7fb12f4eb000
|
page read and write
|
|||
|
7fb03802b000
|
page read and write
|
|||
|
7fb12f984000
|
page read and write
|
|||
|
7fb12ee9a000
|
page read and write
|
|||
|
7fb128021000
|
page read and write
|
|||
|
7fb12e689000
|
page read and write
|
|||
|
562ce5168000
|
page execute and read and write
|
There are 13 hidden memdumps, click here to show them.