IOC Report
arm6.nn.elf

Processes

Path              Cmdline           Malicious
/tmp/arm6.nn.elf  /tmp/arm6.nn.elf

URLs

Name
IP
Malicious
http://94.156.227.233/oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/s
unknown
http://94.156.227.233/
unknown

IPs

IP               Domain   Country         Malicious
109.202.202.202  unknown  Switzerland
91.189.91.43     unknown  United Kingdom
91.189.91.42     unknown  United Kingdom

Memdumps

Base Address
Regiontype
Protect
Malicious