IOC Report
botnt.mpsl.elf


Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| /tmp/botnt.mpsl.elf | /tmp/botnt.mpsl.elf | |
| /tmp/botnt.mpsl.elf | - | |
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.IVmJa2rF9m /tmp/tmp.98uZxoFVPb /tmp/tmp.eU1NtABKew | |
| /usr/bin/dash | - | |
| /usr/bin/cat | cat /tmp/tmp.IVmJa2rF9m | |
| /usr/bin/dash | - | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | - | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | - | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | - | |
| /usr/bin/cat | cat /tmp/tmp.IVmJa2rF9m | |
| /usr/bin/dash | - | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | - | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | - | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.IVmJa2rF9m /tmp/tmp.98uZxoFVPb /tmp/tmp.eU1NtABKew | |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| e.dosbotbig.mom | 92.223.30.152 | |
| e.foxnointel.ru | unknown | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 54.171.230.55 | unknown | United States | |
| 185.125.190.26 | unknown | United Kingdom | |
| 85.203.42.10 | unknown | Netherlands | |
| 92.38.135.253 | unknown | Austria | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
| --- | --- | --- | --- |
| 7f067d61f000 | page read and write | | |
| 7ffdce6db000 | page read and write | | |
| 7f067de35000 | page read and write | | |
| 563c2b556000 | page execute and read and write | | |
| 7f05f8434000 | page read and write | | |
| 7f067e4a9000 | page read and write | | |
| 563c29558000 | page read and write | | |
| 7f05f8421000 | page execute read | | |
| 7f067de27000 | page read and write | | |
| 7f067eb4e000 | page read and write | | |
| 563c292c6000 | page execute read | | |
| 7ffdce7b0000 | page execute read | | |
| 7f067eb01000 | page read and write | | |
| 7f067e4c6000 | page read and write | | |
| 7f067e486000 | page read and write | | |
| 563c2b56d000 | page read and write | | |
| 7f0678021000 | page read and write | | |
| 7f067e0e5000 | page read and write | | |
| 7f067eb09000 | page read and write | | |
| 7f067e7f7000 | page read and write | | |
| 563c2954e000 | page read and write | | |
| 7f067e9d8000 | page read and write | | |
| 7f05f8432000 | page read and write | | |
| 7f0678000000 | page read and write | | |
| 563c2c0d9000 | page read and write | | |