IOC Report
3.elf


Processes

Path | Cmdline | Malicious
/tmp/3.elf | /tmp/3.elf |
/tmp/3.elf | - |
/tmp/3.elf | - |
/tmp/3.elf | - |
/tmp/3.elf | - |
/tmp/3.elf | - |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions" |

URLs

Name | IP | Malicious
http://1/wget.sh | unknown |
http://schemas.xmlsoap.org/soap/encoding/ | unknown |
http://9/curl.sh | unknown |
http://schemas.xmlsoap.org/soap/envelope/ | unknown |

IPs


Memdumps
