IOC Report
2.elf


Processes

Path | Cmdline
--- | ---
/usr/bin/dash | -
/usr/bin/rm | rm -f /tmp/tmp.xhX4QP054m /tmp/tmp.lQdjLJkcpS /tmp/tmp.OZess4uDXl
/usr/bin/dash | -
/usr/bin/rm | rm -f /tmp/tmp.xhX4QP054m /tmp/tmp.lQdjLJkcpS /tmp/tmp.OZess4uDXl
/tmp/2.elf | /tmp/2.elf
/tmp/2.elf | -
/tmp/2.elf | -
/tmp/2.elf | -
/tmp/2.elf | -
/tmp/2.elf | -
/usr/bin/xfce4-panel | -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
/usr/bin/xfce4-panel | -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
/usr/bin/xfce4-panel | -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
/usr/bin/xfce4-panel | -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
/usr/bin/xfce4-panel | -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
/usr/bin/xfce4-panel | -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"

The Malicious column is empty for every row in the export, and 12 further process entries were not included in it. The xfce4-panel and wrapper-2.0 rows are the analysis desktop's Xfce panel loading its standard plugins, not activity of the sample. The three /tmp/tmp.* names removed by rm -f follow the default mktemp template (tmp.XXXXXXXXXX), which is consistent with the dash processes being a wrapper script.

URLs

Name | IP
--- | ---
http://1/wget.sh | unknown
http://schemas.xmlsoap.org/soap/encoding/ | unknown
http://9/curl.sh | unknown
http://schemas.xmlsoap.org/soap/envelope/ | unknown

The Malicious column is empty for every row. The hosts "1" and "9" in the wget.sh and curl.sh URLs are not valid addresses as written, so these two strings cannot be used verbatim as block-list entries; the two schemas.xmlsoap.org URLs are SOAP namespace identifiers, which are commonly present in binaries as constants.

IPs

IP | Domain | Country | Malicious
--- | --- | --- | ---
197.154.8.95 | unknown | Ethiopia | malicious
41.160.223.152 | unknown | South Africa | malicious
197.173.220.111 | unknown | South Africa | malicious
125.227.201.233 | unknown | Taiwan; Republic of China (ROC) | malicious
195.166.221.243 | unknown | Gibraltar | malicious
197.129.211.53 | unknown | Morocco |
157.71.232.56 | unknown | Japan |
197.109.134.88 | unknown | South Africa |
41.122.249.211 | unknown | South Africa |
41.77.4.232 | unknown | Zambia |
41.21.252.9 | unknown | South Africa |
166.73.218.156 | unknown | United States |
197.32.129.181 | unknown | Egypt |
133.214.188.203 | unknown | Japan |
41.212.254.194 | unknown | Mauritius |
200.244.158.184 | unknown | Brazil |
197.211.102.48 | unknown | Malawi |
157.53.82.117 | unknown | United States |
197.96.225.136 | unknown | South Africa |
41.53.237.252 | unknown | South Africa |
41.25.45.237 | unknown | South Africa |
41.116.103.255 | unknown | South Africa |
197.27.46.205 | unknown | Tunisia |
41.155.61.153 | unknown | unknown |
41.38.222.255 | unknown | Egypt |
157.108.93.95 | unknown | Japan |
114.189.90.29 | unknown | Japan |
129.224.69.216 | unknown | United States |
157.97.64.148 | unknown | Germany |
41.159.60.209 | unknown | Gabon |
197.150.202.17 | unknown | Egypt |
157.194.27.203 | unknown | United States |
197.192.65.187 | unknown | Egypt |
157.40.72.152 | unknown | India |
197.75.183.143 | unknown | South Africa |
172.237.152.235 | unknown | United States |
197.162.24.207 | unknown | Egypt |
197.15.63.192 | unknown | Tunisia |
197.211.29.69 | unknown | Kenya |
157.92.111.53 | unknown | Argentina |
41.57.219.98 | unknown | Ghana |
128.182.115.228 | unknown | United States |
197.152.120.2 | unknown | Tanzania, United Republic of |
137.165.8.200 | unknown | United States |
179.233.27.152 | unknown | Brazil |
157.187.70.183 | unknown | United States |
197.21.89.101 | unknown | Tunisia |
197.32.82.214 | unknown | Egypt |
41.80.198.206 | unknown | Kenya |
41.169.13.83 | unknown | South Africa |
203.163.222.9 | unknown | Taiwan; Republic of China (ROC) |
41.3.249.54 | unknown | South Africa |
157.254.163.219 | unknown | United States |
197.234.255.170 | unknown | unknown |
41.102.197.106 | unknown | Algeria |
157.155.154.47 | unknown | Australia |
208.36.186.89 | unknown | United States |
157.25.81.94 | unknown | Poland |
157.215.69.24 | unknown | United States |
139.115.225.186 | unknown | Norway |
157.213.41.182 | unknown | United States |
41.60.196.85 | unknown | Mauritius |
197.153.85.36 | unknown | Morocco |
157.158.112.149 | unknown | Poland |
157.138.100.108 | unknown | Italy |
197.206.199.18 | unknown | Algeria |
157.177.222.249 | unknown | Austria |
140.126.208.102 | unknown | Taiwan; Republic of China (ROC) |
157.231.210.193 | unknown | United Kingdom |
197.211.126.51 | unknown | Malawi |
131.73.35.79 | unknown | United States |
75.223.4.250 | unknown | United States |
36.247.238.250 | unknown | Japan |
41.153.182.179 | unknown | Egypt |
41.34.56.163 | unknown | Egypt |
157.250.39.126 | unknown | United States |
197.4.248.29 | unknown | Tunisia |
41.159.91.1 | unknown | Gabon |
25.17.178.3 | unknown | United Kingdom |
197.250.1.127 | unknown | Tanzania, United Republic of |
197.30.41.148 | unknown | Tunisia |
157.91.133.216 | unknown | United States |
50.206.209.122 | unknown | United States |
197.30.41.144 | unknown | Tunisia |
87.109.38.42 | unknown | Saudi Arabia |
157.64.220.197 | unknown | Japan |
197.230.184.225 | unknown | Morocco |
157.206.62.7 | unknown | United States |
41.39.212.183 | unknown | Egypt |
120.248.168.125 | unknown | China |
109.131.215.129 | unknown | Belgium |
157.242.151.3 | unknown | United States |
170.131.144.27 | unknown | United States |
157.231.209.202 | unknown | United Kingdom |
157.80.43.206 | unknown | Japan |
197.1.178.239 | unknown | Tunisia |
20.78.208.111 | unknown | United States |
197.77.90.58 | unknown | South Africa |
157.86.200.157 | unknown | Brazil |
157.120.16.165 | unknown | Japan |

Only the first five addresses carry the sandbox's "malicious" flag; the Malicious cell is empty for the other 95 rows, and 90 further IPs were not included in the export. Before turning the unflagged addresses into detections, note that none of them resolved to a domain and that the list spans many unrelated networks, which is what contact with a large set of arbitrary hosts looks like; treat them as a hunting list rather than as confirmed infrastructure.
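The one-cell-per-line layout of this export is awkward to consume because the trailing "malicious" cell is simply absent when the sandbox did not flag a row, so a naive "every N lines is a record" parser drifts as soon as it meets a flagged entry. The following Python script is an added example, not part of the sandbox report: it parses the URLs and IPs tables by starting a new record at every URL or IPv4 cell, matches the resulting IP IOCs against connection-log lines, and flags URLs whose host (such as "1" or "9") is neither an IP address nor a DNS name. The export excerpt and the log lines are constructed for the example, the log layout (timestamp, source IP, source port, destination IP, destination port) is an assumption, and the host check is a heuristic of the example, not a judgement made by the sandbox.

```python
import ipaddress
import re
from collections import namedtuple
from urllib.parse import urlsplit

IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
URL_RE = re.compile(r"^https?://", re.IGNORECASE)
IpIoc = namedtuple("IpIoc", "ip domain country malicious")
UrlIoc = namedtuple("UrlIoc", "url ip malicious")

# Constructed excerpt in the one-cell-per-line layout of the export above.
# The URLs table has 3 columns and the IPs table 4, but the trailing
# "malicious" cell is absent whenever the sandbox did not flag the row.
SAMPLE_EXPORT = """\
URLs

Name
IP
Malicious
http://1/wget.sh
unknown
http://schemas.xmlsoap.org/soap/encoding/
unknown

IPs

IP
Domain
Country
Malicious
197.154.8.95
unknown
Ethiopia
malicious
197.129.211.53
unknown
Morocco
"""

# Constructed connection-log lines (assumed layout): ts src_ip src_port dst_ip dst_port
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z 10.0.0.5 45678 197.154.8.95 23",
    "2024-05-01T10:00:02Z 10.0.0.5 45679 93.184.216.34 443",
    "2024-05-01T10:00:03Z 10.0.0.7 51234 197.129.211.53 2323",
]


def _section(lines, name):
    """Non-blank cells of the section titled `name`, up to the blank line after its content."""
    body = []
    for line in lines[lines.index(name) + 1:]:
        if line == "" and body:
            break
        if line:
            body.append(line)
    return body


def _records(cells, header_len, is_key):
    """Group the cells after the header into records; a new record starts at each key cell."""
    records = []
    for cell in cells[header_len:]:
        if is_key(cell):
            records.append([cell])
        elif records:
            records[-1].append(cell)
    return records


def parse_ip_iocs(text):
    cells = _section(text.splitlines(), "IPs")
    return [IpIoc(r[0], r[1], r[2] if len(r) > 2 else "unknown",
                  len(r) > 3 and r[3].lower() == "malicious")
            for r in _records(cells, 4, IPV4_RE.match)]


def parse_url_iocs(text):
    cells = _section(text.splitlines(), "URLs")
    return [UrlIoc(r[0], r[1] if len(r) > 1 else "unknown",
                   len(r) > 2 and r[2].lower() == "malicious")
            for r in _records(cells, 3, URL_RE.match)]


def url_host_is_actionable(url):
    """Heuristic: a host like "1" is neither an IP nor a DNS name, so the URL must not
    be blocked verbatim (it is likely an incomplete or format-string-derived string)."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return "." in host and any(c.isalpha() for c in host)


def match_connections(iocs, log_lines, only_flagged=False):
    """(line, ioc) pairs for log lines whose destination IP (4th field) is an IOC."""
    wanted = {i.ip: i for i in iocs if i.malicious or not only_flagged}
    return [(line, wanted[f[3]]) for line in log_lines
            for f in [line.split()] if len(f) > 3 and f[3] in wanted]


if __name__ == "__main__":
    for line, ioc in match_connections(parse_ip_iocs(SAMPLE_EXPORT), SAMPLE_LOG):
        print("FLAGGED" if ioc.malicious else "contacted", ioc.ip, ioc.country, "<-", line)
```

Running it prints one hit for the flagged Ethiopian address and one for the unflagged Moroccan one; passing only_flagged=True restricts matching to rows the sandbox marked malicious, which is the safer default for alerting and leaves the rest for hunting.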

Memdumps

Base Address | Protect
--- | ---
7ffe60dd1000 | page read and write
5636ea74c000 | page execute and read and write
7f255445c000 | page read and write
7f25dab16000 | page read and write
7f25d4021000 | page read and write
7f25db028000 | page read and write
5636e8744000 | page read and write
7f2554459000 | page read and write
7f25da485000 | page read and write
5636ebb1e000 | page read and write
7f25daad6000 | page read and write
7f25db028000 | page read and write
7f25da735000 | page read and write
7ffe60dd1000 | page read and write
7f25d4000000 | page read and write
7f25dae47000 | page read and write
5636ea763000 | page read and write
7f25db19e000 | page read and write
7f25db19e000 | page read and write
7f2554418000 | page execute read
7f25db159000 | page read and write
7f2554459000 | page read and write
7f25d4021000 | page read and write
7f25d4000000 | page read and write
7f25dae47000 | page read and write
7f25daaf9000 | page read and write
7f25daad6000 | page read and write
7f25daaf9000 | page read and write
5636ea763000 | page read and write
7f25da735000 | page read and write
5636e8744000 | page read and write
7f25db151000 | page read and write
5636e874e000 | page read and write
7f25db151000 | page read and write
5636ea74c000 | page execute and read and write
7f25db159000 | page read and write
7f25da485000 | page read and write
5636e84bc000 | page execute read
5636e874e000 | page read and write
7ffe60dea000 | page execute read
7f2554418000 | page execute read
7ffe60dea000 | page execute read
7f255445c000 | page read and write
5636e84bc000 | page execute read
7f25da477000 | page read and write
7f25d9c6f000 | page read and write
7f25d9c6f000 | page read and write
7f25da477000 | page read and write
5636ebb1e000 | page read and write

The Region type and Malicious columns are empty for every entry in the export, and 40 further memdumps were not included. Each address appears twice because the regions were dumped at two points during the run. The only region dumped with execute, read and write protection is 5636ea74c000; the other executable regions (7f2554418000, 5636e84bc000, 7ffe60dea000) are execute-read only, so 5636ea74c000 is the dump to examine first for unpacked or self-modified code.