IOC Report
1.elf


Processes

Path                                               Cmdline
/tmp/1.elf                                         /tmp/1.elf
/tmp/1.elf                                         -
/tmp/1.elf                                         -
/tmp/1.elf                                         -
/tmp/1.elf                                         -
/tmp/1.elf                                         -
/usr/bin/xfce4-panel                               -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0  /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
/usr/bin/xfce4-panel                               -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0  /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
/usr/bin/xfce4-panel                               -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0  /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
/usr/bin/xfce4-panel                               -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0  /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
/usr/bin/xfce4-panel                               -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0  /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
/usr/bin/xfce4-panel                               -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0  /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"

The Malicious column is empty for every process in this export. Only the /tmp/1.elf rows describe the sample (one invocation with a visible command line and five with none); the xfce4-panel and wrapper-2.0 rows are the analysis machine's Xfce desktop session and its panel plugins, not behaviour of the sample. 8 further processes are not included in this export.

URLs

Name                                       IP       Malicious
http://1/wget.sh                           unknown
http://schemas.xmlsoap.org/soap/encoding/  unknown
http://9/curl.sh                           unknown
http://schemas.xmlsoap.org/soap/envelope/  unknown

No URL resolved to an IP during analysis and none carries a verdict in this export.

IPs

IP               Domain   Country            Malicious
157.56.153.252   unknown  United States      malicious
41.42.189.166    unknown  Egypt              malicious
197.253.190.191  unknown  Morocco            malicious
157.114.186.77   unknown  Japan              malicious
222.215.142.127  unknown  China              malicious
197.131.16.162   unknown  Morocco            malicious
197.27.94.102    unknown  Tunisia
157.108.188.235  unknown  Japan
197.214.107.239  unknown  Nigeria
157.197.59.176   unknown  Korea Republic of
41.85.195.228    unknown  Zimbabwe
105.5.171.25     unknown  South Africa
41.18.170.166    unknown  South Africa
157.24.67.239    unknown  Finland
41.5.242.212     unknown  South Africa
197.5.202.141    unknown  Tunisia
60.113.125.130   unknown  Japan
9.48.203.52      unknown  United States
197.70.186.113   unknown  South Africa
157.143.168.253  unknown  United States
157.85.134.14    unknown  Australia
197.21.41.67     unknown  Tunisia
197.193.219.44   unknown  Egypt
5.241.71.246     unknown  Sweden
41.35.117.13     unknown  Egypt
41.178.155.154   unknown  Egypt
152.157.227.190  unknown  United States
41.121.79.74     unknown  South Africa
207.43.44.252    unknown  United States
172.199.210.238  unknown  Australia
41.94.187.25     unknown  Mozambique
36.116.33.109    unknown  China
41.190.88.88     unknown  Ghana
41.205.252.71    unknown  Sierra Leone
199.33.215.69    unknown  United States
157.198.172.255  unknown  United States
115.57.30.137    unknown  China
157.105.247.176  unknown  Japan
157.72.158.134   unknown  Japan
197.197.77.85    unknown  Egypt
41.193.123.137   unknown  South Africa
157.136.94.115   unknown  France
41.64.233.20     unknown  Egypt
113.223.155.28   unknown  China
197.89.85.92     unknown  South Africa
197.199.7.169    unknown  Egypt
41.115.236.68    unknown  South Africa
39.150.178.229   unknown  China
197.140.232.136  unknown  Algeria
197.221.108.131  unknown  South Africa
157.71.244.65    unknown  Japan
157.53.34.241    unknown  United States
157.202.153.187  unknown  United States
20.126.44.156    unknown  United States
197.10.125.62    unknown  Tunisia
41.117.2.15      unknown  South Africa
197.10.37.155    unknown  Tunisia
197.211.29.60    unknown  Kenya
117.18.101.225   unknown  Hong Kong
41.185.180.246   unknown  South Africa
197.112.117.115  unknown  Algeria
41.166.157.207   unknown  South Africa
157.251.170.237  unknown  United States
41.60.37.55      unknown  Mauritius
51.53.236.237    unknown  United Kingdom
197.96.148.75    unknown  South Africa
50.9.207.106     unknown  United States
157.14.236.79    unknown  Japan
157.109.131.130  unknown  Japan
220.126.17.42    unknown  Korea Republic of
197.55.193.68    unknown  Egypt
157.255.65.139   unknown  China
157.194.75.133   unknown  United States
157.123.84.103   unknown  United States
41.211.25.108    unknown  Ghana
41.60.13.77      unknown  Mauritius
197.211.31.170   unknown  Kenya
157.177.222.249  unknown  Austria
197.25.238.84    unknown  Tunisia
41.57.122.1      unknown  Nigeria
2.44.236.110     unknown  Italy
157.233.0.252    unknown  United States
89.228.178.128   unknown  Poland
41.104.241.229   unknown  Algeria
113.166.214.209  unknown  Viet Nam
115.112.15.237   unknown  India
51.50.207.156    unknown  United States
157.87.184.29    unknown  United States
157.85.210.207   unknown  Australia
157.198.159.86   unknown  United States
197.33.61.81     unknown  Egypt
88.54.243.130    unknown  Italy
154.254.140.8    unknown  Algeria
197.123.173.69   unknown  Egypt
197.219.214.65   unknown  Mozambique
20.92.77.39      unknown  United States
197.202.110.234  unknown  Algeria
197.200.230.255  unknown  Algeria
157.54.102.238   unknown  United States
41.201.246.102   unknown  Algeria

Only the first six rows carry the report's "malicious" verdict. The remaining addresses were contacted during analysis but have no verdict in this export, so they should be reviewed before being added to a blocklist. 90 further IPs are not included in this export.

Memdumps

Base Address  Protect
7f234ec8c000  page read and write
7f234f2dd000  page read and write
55aa99c35000  page read and write
7f234f31d000  page read and write
55aa9bc54000  page read and write
55aa999ad000  page execute read
7f2348021000  page read and write
7ffd83dae000  page read and write
7f234f9a5000  page read and write
55aa99c3f000  page read and write
55aa99c3f000  page read and write
7f234f82f000  page read and write
7ffd83dae000  page read and write
7ffd83dfd000  page execute read
7f234e476000  page read and write
7f234f64e000  page read and write
7f2348000000  page read and write
7f22c845c000  page read and write
7f22c8418000  page execute read
7f234f31d000  page read and write
7f234f958000  page read and write
7f234f9a5000  page read and write
7f22c8458000  page read and write
7f22c8458000  page read and write
7f2348000000  page read and write
7f2348021000  page read and write
7f234f82f000  page read and write
7f234f300000  page read and write
7f234f960000  page read and write
7f234f2dd000  page read and write
7f234ec7e000  page read and write
55aa9cf07000  page read and write
7f22c8418000  page execute read
55aa99c35000  page read and write
55aa9bc54000  page read and write
7f234f64e000  page read and write
55aa9cf07000  page read and write
7f234f960000  page read and write
7f234e476000  page read and write
7f234ef3c000  page read and write
55aa9bc3d000  page execute and read and write
7f234f958000  page read and write
55aa9bc3d000  page execute and read and write
7f234ec7e000  page read and write
7f234ef3c000  page read and write
7ffd83dfd000  page execute read
55aa999ad000  page execute read
7f234ec8c000  page read and write
7f234f300000  page read and write
7f22c845c000  page read and write

The Region type and Malicious columns carry no values in this export. The same base address appearing twice is a region dumped at two points in the run. 40 further memdumps are not included in this export.
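As an added example (not part of the original report and not the sandbox vendor's tooling), the following Python triages an export like this one. It keeps only the addresses the report itself marked malicious; it separates the two schemas.xmlsoap.org entries, which are SOAP 1.1 XML namespace identifiers rather than endpoints a program connects to, from URLs whose host is neither an IP literal nor a dotted hostname (the hosts 1 and 9 above cannot be placed on a DNS or IP blocklist as written, though the paths wget.sh and curl.sh remain usable as string indicators); and it lists memory regions that were writable and executable at dump time, such as 55aa9bc3d000 above, since code in such a region was written at runtime and is not what is on disk. The sample rows are copied from the tables above; the function names, the classification labels and the namespace allowlist are the example's own assumptions.

```python
"""Triage helper for a flattened sandbox IOC export such as the one above.

Added example; not part of the original report and not the sandbox vendor's
tooling. Sample rows are copied from the report's tables; the function names,
the namespace allowlist and the classification labels are this example's own.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed subset of the IP table (columns separated by two or more spaces;
# the Malicious column is present only where the report gave a verdict).
IP_ROWS = """\
157.56.153.252   unknown  United States      malicious
41.42.189.166    unknown  Egypt              malicious
197.27.94.102    unknown  Tunisia
157.197.59.176   unknown  Korea Republic of
"""

# Constructed subset of the URL table.
URL_ROWS = """\
http://1/wget.sh                           unknown
http://schemas.xmlsoap.org/soap/encoding/  unknown
http://9/curl.sh                           unknown
http://schemas.xmlsoap.org/soap/envelope/  unknown
"""

# Constructed subset of the memdump table (base address, protection).
MEMDUMP_ROWS = """\
7f234ec8c000  page read and write
55aa999ad000  page execute read
55aa9bc3d000  page execute and read and write
55aa9bc3d000  page execute and read and write
"""

# SOAP 1.1 namespace identifiers: strings a SOAP-aware binary carries to build
# XML, not endpoints it connects to. Example's own allowlist; extend as needed.
NAMESPACE_URIS = {
    "http://schemas.xmlsoap.org/soap/encoding/",
    "http://schemas.xmlsoap.org/soap/envelope/",
}


def parse_ips(text):
    """Return [(ip, country, flagged)]; countries may contain single spaces."""
    rows = []
    for line in text.splitlines():
        parts = re.split(r"\s{2,}", line.strip())
        if len(parts) < 3:
            continue
        ip, country = parts[0], parts[2]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # header line or malformed row
        flagged = len(parts) > 3 and parts[3] == "malicious"
        rows.append((ip, country, flagged))
    return rows


def blocklist_ips(text):
    """Only addresses the report itself marked malicious; the rest are
    unreviewed contacts and should not be blocked on this evidence alone."""
    return [ip for ip, _, flagged in parse_ips(text) if flagged]


def classify_url(url):
    """'namespace' for known schema URIs, 'unusable-host' when the host is
    neither an IP literal nor a dotted hostname, otherwise 'candidate'."""
    if url in NAMESPACE_URIS:
        return "namespace"
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return "candidate"
    except ValueError:
        pass
    if "." not in host or not re.fullmatch(r"[A-Za-z0-9.-]+", host):
        return "unusable-host"
    return "candidate"


def classify_urls(text):
    """Map each URL in the table to its classification."""
    result = {}
    for line in text.splitlines():
        if line.strip():
            url = line.split()[0]
            result[url] = classify_url(url)
    return result


def wx_regions(text):
    """Base addresses of regions that were writable and executable at dump
    time; code there was placed at runtime and is not what is on disk."""
    found = set()
    for line in text.splitlines():
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(parts) == 2 and "execute" in parts[1] and "write" in parts[1]:
            found.add(parts[0])
    return sorted(found)


if __name__ == "__main__":
    print("block:", blocklist_ips(IP_ROWS))
    print("urls:", classify_urls(URL_ROWS))
    print("W+X:", wx_regions(MEMDUMP_ROWS))
```

Run it on the full tables by pasting the rows into the three constants. A "candidate" URL still needs a human look before it becomes a blocklist entry; the classifier only removes entries that cannot be network indicators as written.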