IOC Report
2.elf


Processes

Path | Cmdline
/tmp/2.elf | /tmp/2.elf
/tmp/2.elf | -
/tmp/2.elf | -
/tmp/2.elf | -
/tmp/2.elf | -
/tmp/2.elf | -
/usr/bin/xfce4-panel | -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
/usr/bin/xfce4-panel | -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
/usr/bin/xfce4-panel | -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
/usr/bin/xfce4-panel | -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
/usr/bin/xfce4-panel | -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
/usr/bin/xfce4-panel | -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"

The sample appears six times: once with its own command line and five times as /tmp/2.elf with no command line recorded. The remaining rows are the Xfce panel and its plugin wrapper processes on the analysis host. The Malicious column is empty for every process shown. 8 further processes are not shown in this extract of the report.

URLs

Name | IP
http://1/wget.sh | unknown
http://schemas.xmlsoap.org/soap/encoding/ | unknown
http://9/curl.sh | unknown
http://schemas.xmlsoap.org/soap/envelope/ | unknown

The IP column is "unknown" for all four URLs and the Malicious column is empty for every row. The two .sh URLs name a wget and a curl download script; the two schemas.xmlsoap.org URLs are SOAP namespace identifiers.

IPs

Malicious: "malicious" where the sandbox flagged the address; "-" where the column was left blank.

IP | Domain | Country | Malicious
41.69.118.218 | unknown | Egypt | malicious
177.122.181.108 | unknown | Brazil | malicious
41.107.69.136 | unknown | Algeria | malicious
197.231.92.60 | unknown | Gabon | malicious
41.169.49.24 | unknown | South Africa | -
197.102.123.241 | unknown | South Africa | -
125.22.5.12 | unknown | India | -
197.233.216.99 | unknown | Namibia | -
39.28.230.205 | unknown | Korea, Republic of | -
197.106.106.168 | unknown | South Africa | -
197.243.124.179 | unknown | Rwanda | -
197.128.81.53 | unknown | Morocco | -
197.175.223.217 | unknown | South Africa | -
197.59.229.28 | unknown | Egypt | -
41.69.1.23 | unknown | Egypt | -
8.132.125.243 | unknown | Singapore | -
41.43.219.111 | unknown | Egypt | -
74.214.134.155 | unknown | Canada | -
197.29.99.169 | unknown | Tunisia | -
57.178.27.177 | unknown | Belgium | -
197.133.10.213 | unknown | Egypt | -
197.67.168.142 | unknown | South Africa | -
197.41.205.8 | unknown | Egypt | -
157.170.36.37 | unknown | United States | -
197.189.23.17 | unknown | Congo, The Democratic Republic of the | -
197.78.216.222 | unknown | South Africa | -
41.120.42.126 | unknown | South Africa | -
63.71.49.17 | unknown | United States | -
41.245.106.242 | unknown | unknown | -
157.20.21.157 | unknown | unknown | -
157.170.96.248 | unknown | United States | -
41.192.2.36 | unknown | South Africa | -
197.43.98.185 | unknown | Egypt | -
157.128.153.237 | unknown | Australia | -
197.193.220.53 | unknown | Egypt | -
197.148.25.218 | unknown | Angola | -
197.47.108.222 | unknown | Egypt | -
197.170.138.223 | unknown | South Africa | -
197.193.144.149 | unknown | Egypt | -
197.173.131.66 | unknown | South Africa | -
41.52.18.193 | unknown | South Africa | -
157.176.156.203 | unknown | United States | -
41.241.199.3 | unknown | Sudan | -
41.218.141.247 | unknown | Egypt | -
157.230.201.7 | unknown | United States | -
157.136.46.201 | unknown | France | -
157.149.46.9 | unknown | United States | -
197.237.51.104 | unknown | Kenya | -
157.194.39.31 | unknown | United States | -
197.60.132.86 | unknown | Egypt | -
157.229.177.127 | unknown | United States | -
157.159.2.40 | unknown | France | -
217.57.80.1 | unknown | Italy | -
41.239.206.52 | unknown | Egypt | -
157.109.178.115 | unknown | Japan | -
197.53.167.47 | unknown | Egypt | -
201.182.132.210 | unknown | Argentina | -
41.184.118.241 | unknown | Nigeria | -
41.230.163.211 | unknown | Tunisia | -
41.131.9.192 | unknown | Egypt | -
197.58.18.213 | unknown | Egypt | -
49.30.107.97 | unknown | Korea, Republic of | -
78.30.73.69 | unknown | Poland | -
197.75.223.242 | unknown | South Africa | -
41.37.179.95 | unknown | Egypt | -
41.101.160.248 | unknown | Algeria | -
197.251.97.155 | unknown | Sudan | -
154.248.120.68 | unknown | Algeria | -
157.126.197.170 | unknown | United States | -
157.39.83.103 | unknown | India | -
157.14.212.58 | unknown | Japan | -
41.225.142.175 | unknown | Tunisia | -
119.138.153.32 | unknown | China | -
61.57.65.151 | unknown | Taiwan; Republic of China (ROC) | -
41.61.164.248 | unknown | South Africa | -
157.238.132.87 | unknown | United States | -
221.71.49.181 | unknown | Japan | -
35.80.246.132 | unknown | United States | -
41.239.14.27 | unknown | Egypt | -
41.129.163.19 | unknown | Egypt | -
41.57.121.226 | unknown | Nigeria | -
157.72.158.194 | unknown | Japan | -
197.137.250.229 | unknown | Kenya | -
41.96.61.49 | unknown | Algeria | -
41.144.130.241 | unknown | South Africa | -
41.244.38.251 | unknown | Cameroon | -
41.30.144.243 | unknown | South Africa | -
25.96.164.194 | unknown | United Kingdom | -
197.185.94.71 | unknown | South Africa | -
197.222.169.227 | unknown | Egypt | -
41.244.194.0 | unknown | Cameroon | -
157.237.19.145 | unknown | Norway | -
157.75.1.75 | unknown | Japan | -
197.86.54.182 | unknown | South Africa | -
41.33.29.203 | unknown | Egypt | -
197.4.224.38 | unknown | Tunisia | -
41.152.155.29 | unknown | Egypt | -
41.225.189.132 | unknown | Tunisia | -
197.95.147.242 | unknown | South Africa | -
41.121.67.27 | unknown | South Africa | -

100 addresses are listed above; 90 further IPs are not shown in this extract of the report. Only the first four are flagged malicious; no address has a domain recorded.

Memdumps

The Regiontype and Malicious columns are empty for every dump, so only the base address and page protection are listed.

Base Address | Protect
7fb9ee5f0000 | page read and write
7fb968459000 | page read and write
7fb9e8021000 | page read and write
7fb9ed10e000 | page read and write
7fb968459000 | page read and write
56373ca44000 | page execute and read and write
7fb968418000 | page execute read
7fb9ee63d000 | page read and write
7fb968418000 | page execute read
7fb96845c000 | page read and write
56373a7b4000 | page execute read
56373ca44000 | page execute and read and write
7fb9edbd4000 | page read and write
56373a7b4000 | page execute read
7fb9ee4c7000 | page read and write
7fb9edfb5000 | page read and write
7fb9ee2e6000 | page read and write
56373aa46000 | page read and write
7fb9ee5f8000 | page read and write
7fb9ed10e000 | page read and write
56373ca5b000 | page read and write
7fb9edfb5000 | page read and write
56373aa46000 | page read and write
7fb9ed924000 | page read and write
7fb9edf75000 | page read and write
7fb9e8000000 | page read and write
7fb9ee5f8000 | page read and write
7fb9edf98000 | page read and write
7fb9ee5f0000 | page read and write
56373aa3c000 | page read and write
56373cb3d000 | page read and write
56373cb3d000 | page read and write
7fb96845c000 | page read and write
7fb9ee2e6000 | page read and write
7fb9edbd4000 | page read and write
7fb9edf98000 | page read and write
7ffd48fec000 | page execute read
7fb9edf75000 | page read and write
7ffd48fcd000 | page read and write
56373aa3c000 | page read and write
7fb9ed916000 | page read and write
7fb9e8000000 | page read and write
7fb9ed916000 | page read and write
7ffd48fcd000 | page read and write
7fb9e8021000 | page read and write
7fb9ed924000 | page read and write
7fb9ee63d000 | page read and write
56373ca5b000 | page read and write
7fb9ee4c7000 | page read and write
7ffd48fec000 | page execute read

50 dumps are listed above, with most base addresses appearing twice; 40 further memdumps are not shown in this extract of the report. 56373ca44000 is the only region recorded as execute, read and write (listed twice); a writable and executable mapping is the first thing to inspect when looking for unpacked or self-modified code, since every other executable region here is read-only.
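Reports like this one are exported as one table cell per line, with empty cells (an unflagged Malicious, a blank Regiontype) simply dropped, which makes them awkward to feed into a blocklist or a detection pipeline. The following Python is an added example and not part of the sandbox report: it parses that layout back into records and pulls out what an analyst checks first, the sandbox-flagged IPs, the shell-script download URLs, and any memory region that is both writable and executable. The embedded SAMPLE is a constructed excerpt using values from this page; the section names, header cells and column order are assumptions taken from this report only.

```python
"""Parse a flattened sandbox IOC report (one table cell per line; empty cells are not
rendered) into records, then pull out what triage wants first.  Added example, not
part of the 2.elf report; SAMPLE is a constructed excerpt in the report's own layout."""
import re

SAMPLE = """\
URLs

Name
IP
Malicious
http://1/wget.sh
unknown
http://schemas.xmlsoap.org/soap/encoding/
unknown

IPs

IP
Domain
Country
Malicious
41.69.118.218
unknown
Egypt
malicious
41.169.49.24
unknown
South Africa

Memdumps

Base Address
Regiontype
Protect
Malicious
56373ca44000
page execute and read and write
7fb968418000
page execute read
"""

URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
HEX_RE = re.compile(r"^[0-9a-f]{6,16}$")
HIDDEN_RE = re.compile(r"^There are \d+ hidden ")
# Section title -> (pattern for the cell that starts a row, column names as rendered).
# Regiontype and an unflagged Malicious cell are never rendered, so short rows are
# padded to the column count.  Layout assumed from this one report.
SECTIONS = {
    "URLs": (URL_RE, ("name", "ip", "malicious")),
    "IPs": (IPV4_RE, ("ip", "domain", "country", "malicious")),
    "Memdumps": (HEX_RE, ("base", "protect")),
}
HEADER_CELLS = {"Name", "IP", "Malicious", "Domain", "Country",
                "Base Address", "Regiontype", "Protect"}

def split_sections(text):
    """Yield (title, cells) per known section, skipping blanks and 'hidden' notes."""
    title, cells = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line in SECTIONS:
            if title is not None:
                yield title, cells
            title, cells = line, []
        elif line and title is not None and not HIDDEN_RE.match(line):
            cells.append(line)
    if title is not None:
        yield title, cells

def group_rows(cells, key_re):
    """Drop the header cells, then start a new row at every cell matching key_re."""
    cells = list(cells)
    while cells and cells[0] in HEADER_CELLS:
        cells.pop(0)
    rows = []
    for cell in cells:
        if key_re.match(cell) or not rows:
            rows.append([cell])
        else:
            rows[-1].append(cell)
    return rows

def parse_report(text):
    report = {}
    for title, cells in split_sections(text):
        key_re, columns = SECTIONS[title]
        report[title] = [dict(zip(columns, row + [""] * (len(columns) - len(row))))
                         for row in group_rows(cells, key_re)]
    return report

def triage(report):
    """Sandbox-flagged hosts, shell-script download URLs, writable+executable regions."""
    flagged = [r["ip"] for r in report.get("IPs", []) if r["malicious"] == "malicious"]
    scripts = [r["name"] for r in report.get("URLs", []) if r["name"].lower().endswith(".sh")]
    rwx = sorted({r["base"] for r in report.get("Memdumps", [])
                  if "execute" in r["protect"] and "write" in r["protect"]})
    return {"flagged_ips": flagged, "script_urls": scripts, "rwx_regions": rwx}
```

Rows are delimited by the key column (a URL, an IPv4 address, a hex base address) rather than by a fixed cell count, because the report omits blank trailing cells; the Processes table cannot be split this way, since its Path and Cmdline cells look alike, and would need fixed two-cell rows instead. Paste the full export into `parse_report` in place of SAMPLE to get the complete record set.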