IOC Report
3.elf


Processes

Path | Cmdline | Malicious
/tmp/3.elf | /tmp/3.elf |
/tmp/3.elf | - |
/tmp/3.elf | - |
/tmp/3.elf | - |
/tmp/3.elf | - |
/tmp/3.elf | - |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions" |
8 further processes are omitted from this extract.

No entry in this table carries a verdict in the Malicious column. Only the /tmp/3.elf rows belong to the sample: the first is the launch with its full command line, the five that follow are further instances of the same binary recorded with no command line. The xfce4-panel and wrapper-2.0 rows are the sandbox desktop's own XFCE panel plugin processes and should be read as analysis-environment noise, not as activity of the sample.

URLs

Name | IP | Malicious
http://1/wget.sh | unknown |
http://schemas.xmlsoap.org/soap/encoding/ | unknown |
http://9/curl.sh | unknown |
http://schemas.xmlsoap.org/soap/envelope/ | unknown |

None of the four URLs resolved to an address during the run and none is flagged. The two schemas.xmlsoap.org entries are SOAP namespace URIs; they occur as literal strings inside SOAP request bodies and are not hosts the sample contacts. http://1/wget.sh and http://9/curl.sh have a single digit where a host belongs, which is characteristic of a URL template whose host is substituted at run time; the script names wget.sh and curl.sh are the reusable indicator here, the host values are not.

IPs

IP | Domain | Country | Malicious
157.55.87.199 | unknown | United States | malicious
54.97.133.72 | unknown | United States | malicious
197.89.97.53 | unknown | South Africa |
41.253.208.36 | unknown | Libyan Arab Jamahiriya |
157.151.183.250 | unknown | United States |
203.47.61.114 | unknown | Australia |
197.87.33.144 | unknown | South Africa |
197.154.181.229 | unknown | Ethiopia |
191.216.165.223 | unknown | Brazil |
197.219.152.191 | unknown | Mozambique |
157.183.23.196 | unknown | United States |
128.126.3.24 | unknown | United States |
157.181.189.191 | unknown | Hungary |
178.241.199.84 | unknown | Turkey |
41.113.157.246 | unknown | South Africa |
157.245.170.73 | unknown | United States |
157.146.249.221 | unknown | United States |
157.160.140.240 | unknown | United States |
197.133.10.216 | unknown | Egypt |
41.60.37.75 | unknown | Mauritius |
208.170.36.114 | unknown | United States |
41.21.227.49 | unknown | South Africa |
41.172.207.88 | unknown | South Africa |
197.166.178.10 | unknown | Egypt |
217.194.67.88 | unknown | Germany |
41.166.29.180 | unknown | South Africa |
197.119.11.229 | unknown | Algeria |
157.134.143.9 | unknown | United States |
157.139.78.199 | unknown | United States |
197.4.212.224 | unknown | Tunisia |
122.59.185.91 | unknown | New Zealand |
191.248.175.179 | unknown | Brazil |
111.162.29.195 | unknown | China |
197.114.33.151 | unknown | Algeria |
41.2.68.176 | unknown | South Africa |
197.73.232.14 | unknown | South Africa |
41.122.162.171 | unknown | South Africa |
197.96.136.90 | unknown | South Africa |
41.96.36.203 | unknown | Algeria |
162.18.167.11 | unknown | United States |
197.185.6.18 | unknown | South Africa |
157.51.156.220 | unknown | India |
41.128.101.160 | unknown | Egypt |
202.125.85.228 | unknown | Thailand |
161.33.91.76 | unknown | United States |
197.160.192.211 | unknown | Egypt |
197.109.134.77 | unknown | South Africa |
197.109.183.40 | unknown | South Africa |
157.125.42.189 | unknown | Sweden |
197.87.109.20 | unknown | South Africa |
157.112.136.25 | unknown | Japan |
197.70.12.17 | unknown | South Africa |
41.156.87.158 | unknown | South Africa |
197.55.123.248 | unknown | Egypt |
197.119.11.206 | unknown | Algeria |
98.72.70.85 | unknown | United States |
41.34.56.110 | unknown | Egypt |
141.201.77.64 | unknown | Austria |
197.116.111.99 | unknown | Algeria |
220.114.179.106 | unknown | China |
197.128.68.36 | unknown | Morocco |
24.153.83.246 | unknown | United States |
41.242.33.205 | unknown | Cameroon |
41.227.31.95 | unknown | Tunisia |
197.86.143.246 | unknown | South Africa |
218.181.62.66 | unknown | Japan |
137.220.247.57 | unknown | Singapore |
197.224.173.240 | unknown | Mauritius |
157.190.234.182 | unknown | Ireland |
157.238.132.95 | unknown | United States |
41.59.224.149 | unknown | Tanzania United Republic of |
41.145.83.45 | unknown | South Africa |
75.82.209.125 | unknown | United States |
41.242.248.243 | unknown | South Africa |
130.159.16.223 | unknown | United Kingdom |
157.222.9.43 | unknown | United States |
41.203.76.81 | unknown | Nigeria |
197.73.220.64 | unknown | South Africa |
41.19.31.114 | unknown | South Africa |
83.171.120.89 | unknown | Russian Federation |
157.91.133.216 | unknown | United States |
41.106.0.245 | unknown | Algeria |
197.165.32.17 | unknown | Egypt |
157.75.91.161 | unknown | Japan |
98.202.134.231 | unknown | United States |
41.186.110.99 | unknown | Rwanda |
103.146.47.145 | unknown | unknown |
157.229.117.62 | unknown | United States |
87.47.150.191 | unknown | Ireland |
41.94.199.82 | unknown | Mozambique |
157.35.140.28 | unknown | India |
157.140.67.184 | unknown | United Kingdom |
41.129.163.12 | unknown | Egypt |
157.250.121.37 | unknown | Japan |
157.28.174.134 | unknown | Italy |
120.103.236.253 | unknown | Taiwan; Republic of China (ROC) |
92.3.101.179 | unknown | United Kingdom |
159.44.92.234 | unknown | United States |
197.165.241.185 | unknown | Egypt |
183.18.84.188 | unknown | China |
90 further IPs are omitted from this extract.

Only the first two addresses are flagged malicious; every other row carries no verdict, and no row has a reverse-DNS name (Domain is unknown throughout). Country is a GeoIP lookup of the address. The unflagged addresses are contacts observed during the run, spread across many unrelated networks, and should not be treated as command-and-control infrastructure without further evidence.

Memdumps

Base Address | Regiontype | Protect | Malicious
7f20fcec5000 |  | page read and write |
7f20fcb97000 |  | page read and write |
55f26d309000 |  | page read and write |
7f20fcd78000 |  | page read and write |
7f20fcd78000 |  | page read and write |
7f20f3fff000 |  | page read and write |
7f1ff4035000 |  | page read and write |
7f20fc826000 |  | page read and write |
55f26fcd0000 |  | page read and write |
7f20fb9bf000 |  | page read and write |
7f20fc1c7000 |  | page read and write |
7f20f3fff000 |  | page read and write |
7f20fcea1000 |  | page read and write |
7f20fc9b5000 |  | page read and write |
7f1ff4035000 |  | page read and write |
7f20fc849000 |  | page read and write |
55f26f310000 |  | page execute and read and write |
7fff90dce000 |  | page read and write |
55f26d312000 |  | page read and write |
7f20fc259000 |  | page read and write |
7f20fc5bb000 |  | page read and write |
55f26d0b8000 |  | page execute read |
7f20fcea1000 |  | page read and write |
7f20fc1c7000 |  | page read and write |
7f1ff4032000 |  | page read and write |
55f26d312000 |  | page read and write |
7f20fc5bb000 |  | page read and write |
7f20fcb97000 |  | page read and write |
7f20fcf0a000 |  | page read and write |
7f1ff4029000 |  | page execute read |
7f20fc9b5000 |  | page read and write |
7f1ff4032000 |  | page read and write |
7f20f4021000 |  | page read and write |
55f26d0b8000 |  | page execute read |
7f20fcf0a000 |  | page read and write |
55f26f327000 |  | page read and write |
7fff90de4000 |  | page execute read |
7fff90de4000 |  | page execute read |
7f20fc259000 |  | page read and write |
7f20fc849000 |  | page read and write |
55f26f327000 |  | page read and write |
7f20fcec5000 |  | page read and write |
55f26fcd0000 |  | page read and write |
7f20fb9bf000 |  | page read and write |
55f26d309000 |  | page read and write |
7f20fc826000 |  | page read and write |
7f20f4021000 |  | page read and write |
55f26f310000 |  | page execute and read and write |
7f1ff4029000 |  | page execute read |
7fff90dce000 |  | page read and write |
40 further memdumps are omitted from this extract.

The Regiontype and Malicious columns are empty for every dump. Most regions are plain read/write data; 55f26d0b8000, 7f1ff4029000 and 7fff90de4000 are execute/read, i.e. mapped code. The only region that is both writable and executable is 55f26f310000, dumped twice: code written or decoded at run time would have to live in a region like this, so it is the first dump to examine. Addresses that appear more than once are the same region dumped at more than one point in the run.
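The tables above are what an analyst has to turn into something actionable. The following script is an added example, not part of the sandbox report or its tooling: it parses the pipe-separated layout used above (the excerpt embedded in the script is copied from the tables, with the section and header lines as the only framing), then pulls out the three things worth acting on in a report of this shape: the addresses that carry a malicious verdict, URLs whose host is not a real host (the `http://1/...` template pattern), and memory dumps mapped both writable and executable. The host check and the "templated" label are this example's own heuristics, not a field of the report.

```python
"""Triage helper for a flattened sandbox IOC report (added example, not the report's own tooling)."""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed excerpt of the report's tables in the pipe-separated layout used above.
# The rows are copied from the report; only the section/header framing is ours.
IOC_TEXT = """\
URLs
Name | IP | Malicious
http://1/wget.sh | unknown |
http://schemas.xmlsoap.org/soap/encoding/ | unknown |
http://9/curl.sh | unknown |
http://schemas.xmlsoap.org/soap/envelope/ | unknown |

IPs
IP | Domain | Country | Malicious
157.55.87.199 | unknown | United States | malicious
54.97.133.72 | unknown | United States | malicious
197.89.97.53 | unknown | South Africa |
41.253.208.36 | unknown | Libyan Arab Jamahiriya |
103.146.47.145 | unknown | unknown |

Memdumps
Base Address | Regiontype | Protect | Malicious
7f20fcec5000 |  | page read and write |
55f26f310000 |  | page execute and read and write |
55f26d0b8000 |  | page execute read |
7fff90de4000 |  | page execute read |
55f26f310000 |  | page execute and read and write |
"""


def parse_tables(text):
    """Split the report into sections separated by blank lines. Each section is a
    title line, a pipe-separated header line and pipe-separated rows.
    Returns {section title: [row dict keyed by header name, ...]}."""
    tables = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln for ln in block.splitlines() if ln.strip()]
        title, header, rows = lines[0].strip(), lines[1], lines[2:]
        cols = [c.strip() for c in header.split("|")]
        tables[title] = []
        for row in rows:
            cells = [c.strip() for c in row.split("|")]
            cells += [""] * (len(cols) - len(cells))  # missing trailing cell = no verdict
            tables[title].append(dict(zip(cols, cells)))
    return tables


def flagged_ips(tables):
    """Addresses the sandbox itself marked malicious; everything else has no verdict."""
    return [r["IP"] for r in tables["IPs"] if r["Malicious"] == "malicious"]


def country_counts(tables):
    """GeoIP country distribution of all contacted addresses (flagged or not)."""
    return Counter(r["Country"] for r in tables["IPs"])


# Heuristic (ours): a usable host is a dotted-quad IPv4 address or a hostname with at
# least one dot. A bare digit such as "1" fails both and is treated as a template slot.
HOST_RE = re.compile(r"^(?:\d{1,3}(?:\.\d{1,3}){3}|[a-z0-9-]+(?:\.[a-z0-9-]+)+)$", re.I)


def templated_urls(tables):
    """URLs whose host part is not a real host, e.g. http://1/wget.sh. Such entries are
    format templates whose host is substituted at run time; the path is the indicator."""
    out = []
    for r in tables["URLs"]:
        host = urlparse(r["Name"]).hostname or ""
        if not HOST_RE.match(host):
            out.append(r["Name"])
    return out


def rwx_regions(tables):
    """Distinct base addresses of dumps that are both writable and executable."""
    seen = set()
    for r in tables["Memdumps"]:
        protect = r["Protect"]
        if "execute" in protect and "write" in protect:
            seen.add(r["Base Address"])
    return sorted(seen)


def triage(text):
    """Everything worth acting on from one report, as a plain dict."""
    t = parse_tables(text)
    return {
        "flagged_ips": flagged_ips(t),
        "templated_urls": templated_urls(t),
        "rwx_regions": rwx_regions(t),
        "top_countries": country_counts(t).most_common(3),
    }


if __name__ == "__main__":
    for key, value in triage(IOC_TEXT).items():
        print(f"{key}: {value}")
```

Run against the full report, the same functions give the complete list of flagged addresses and the single writable-and-executable dump; the country histogram is a quick way to see whether the unflagged contacts cluster on one network (which would suggest infrastructure) or scatter across many (which suggests scanning targets).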