Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
firmware.sh4.elf
|
ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
|
initial sample
|
 |
|
|
/usr/bin/isovqu
|
ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
|
dropped
|
|
|
|
/var/spool/cron/crontabs/root
|
ASCII text
|
dropped
|
|
|
|
/var/spool/cron/crontabs/tmp.LcjwCF
|
ASCII text
|
dropped
|
|
|
|
/var/spool/cron/crontabs/tmp.dUBIUw
|
ASCII text
|
dropped
|
|
|
|
/etc/allah_is_prick.html
|
HTML document, ASCII text, with very long lines (360), with no line terminators
|
dropped
|
||
|
/etc/d
|
ASCII text
|
dropped
|
||
|
/home/allah_is_prick.html
|
HTML document, ASCII text, with very long lines (360), with no line terminators
|
dropped
|
||
|
/mnt/allah_is_prick.html
|
HTML document, ASCII text, with very long lines (360), with no line terminators
|
dropped
|
||
|
/root/allah_is_prick.html
|
HTML document, ASCII text, with very long lines (360), with no line terminators
|
dropped
|
||
|
/tmp/allah_is_prick.html
|
HTML document, ASCII text, with very long lines (11160), with no line terminators
|
dropped
|
||
|
/var/allah_is_prick.html
|
HTML document, ASCII text, with very long lines (360), with no line terminators
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/firmware.sh4.elf
|
/tmp/firmware.sh4.elf
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "crontab /var/spool/cron/crontabs/root"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/crontab
|
crontab /var/spool/cron/crontabs/root
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "hostname -I"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/hostname
|
hostname -I
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "crontab /var/spool/cron/crontabs/root"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/crontab
|
crontab /var/spool/cron/crontabs/root
|
||
|
/tmp/firmware.sh4.elf
|
-
|
||
|
/tmp/firmware.sh4.elf
|
-
|
There are 113 hidden processes, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7f9f40428000
|
page read and write
|
|||
|
7f9fc5d5b000
|
page read and write
|
|||
|
7f9f40428000
|
page read and write
|
|||
|
7f9fc648d000
|
page read and write
|
|||
|
7f9fc65be000
|
page read and write
|
|||
|
7f9fc648d000
|
page read and write
|
|||
|
7f9fc611d000
|
page read and write
|
|||
|
55c2d6be9000
|
page execute and read and write
|
|||
|
55c2d6c00000
|
page read and write
|
|||
|
7f9fc0021000
|
page read and write
|
|||
|
7f9f40428000
|
page read and write
|
|||
|
7f9fc5abe000
|
page read and write
|
|||
|
7f9f4042d000
|
page read and write
|
|||
|
7f9fc0021000
|
page read and write
|
|||
|
7f9fc0021000
|
page read and write
|
|||
|
7f9fc611d000
|
page read and write
|
|||
|
7f9fc65be000
|
page read and write
|
|||
|
55c2d71fc000
|
page read and write
|
|||
|
7f9f40428000
|
page read and write
|
|||
|
7f9fc0021000
|
page read and write
|
|||
|
55c2d6c00000
|
page read and write
|
|||
|
7f9fc5acc000
|
page read and write
|
|||
|
7f9f4042d000
|
page read and write
|
|||
|
7f9fc5acc000
|
page read and write
|
|||
|
7f9fc0000000
|
page read and write
|
|||
|
7f9fc52bb000
|
page read and write
|
|||
|
7f9f40430000
|
page read and write
|
|||
|
7f9fc648d000
|
page read and write
|
|||
|
7f9f40417000
|
page execute read
|
|||
|
7f9fc6603000
|
page read and write
|
|||
|
55c2d4be3000
|
page read and write
|
|||
|
55c2d71fc000
|
page read and write
|
|||
|
7f9f4042e000
|
page read and write
|
|||
|
7f9fc5abe000
|
page read and write
|
|||
|
7f9fc6603000
|
page read and write
|
|||
|
7f9f40430000
|
page read and write
|
|||
|
55c2d49cd000
|
page execute read
|
|||
|
7f9f4042d000
|
page read and write
|
|||
|
55c2d6c00000
|
page read and write
|
|||
|
7f9fc0000000
|
page read and write
|
|||
|
7f9fc5abe000
|
page read and write
|
|||
|
7f9fc611d000
|
page read and write
|
|||
|
7f9f40428000
|
page read and write
|
|||
|
55c2d49cd000
|
page execute read
|
|||
|
7f9fc6603000
|
page read and write
|
|||
|
7f9fc65b6000
|
page read and write
|
|||
|
7f9fc0000000
|
page read and write
|
|||
|
7f9f40430000
|
page read and write
|
|||
|
7f9fc0000000
|
page read and write
|
|||
|
7f9fc611d000
|
page read and write
|
|||
|
55c2d49cd000
|
page execute read
|
|||
|
7ffe8b78f000
|
page execute read
|
|||
|
7f9fc0021000
|
page read and write
|
|||
|
7ffe8b78f000
|
page execute read
|
|||
|
7f9f40430000
|
page read and write
|
|||
|
55c2d6be9000
|
page execute and read and write
|
|||
|
55c2d4beb000
|
page read and write
|
|||
|
7f9f40417000
|
page execute read
|
|||
|
7f9fc611d000
|
page read and write
|
|||
|
7f9fc6603000
|
page read and write
|
|||
|
7f9fc0021000
|
page read and write
|
|||
|
7f9fc6603000
|
page read and write
|
|||
|
7f9fc5d5b000
|
page read and write
|
|||
|
7ffe8b6f9000
|
page read and write
|
|||
|
55c2d6be9000
|
page execute and read and write
|
|||
|
55c2d4be3000
|
page read and write
|
|||
|
7f9fc5acc000
|
page read and write
|
|||
|
7f9fc5d5b000
|
page read and write
|
|||
|
7f9fc5abe000
|
page read and write
|
|||
|
55c2d4be3000
|
page read and write
|
|||
|
7f9f40417000
|
page execute read
|
|||
|
7f9fc65b6000
|
page read and write
|
|||
|
55c2d4be3000
|
page read and write
|
|||
|
7f9f40417000
|
page execute read
|
|||
|
55c2d71fc000
|
page read and write
|
|||
|
7ffe8b6f9000
|
page read and write
|
|||
|
55c2d6be9000
|
page execute and read and write
|
|||
|
7ffe8b6f9000
|
page read and write
|
|||
|
7f9f40428000
|
page read and write
|
|||
|
7ffe8b78f000
|
page execute read
|
|||
|
7ffe8b6f9000
|
page read and write
|
|||
|
7f9fc0021000
|
page read and write
|
|||
|
7f9fc5acc000
|
page read and write
|
|||
|
7f9fc52bb000
|
page read and write
|
|||
|
7f9fc5abe000
|
page read and write
|
|||
|
7f9fc5acc000
|
page read and write
|
|||
|
55c2d6c00000
|
page read and write
|
|||
|
7f9fc5d5b000
|
page read and write
|
|||
|
7f9f40417000
|
page execute read
|
|||
|
7f9fc648d000
|
page read and write
|
|||
|
55c2d4be3000
|
page read and write
|
|||
|
7f9fc648d000
|
page read and write
|
|||
|
55c2d6be9000
|
page execute and read and write
|
|||
|
7ffe8b78f000
|
page execute read
|
|||
|
7f9fc611d000
|
page read and write
|
|||
|
7f9fc6603000
|
page read and write
|
|||
|
7f9fc0021000
|
page read and write
|
|||
|
7f9fc65b6000
|
page read and write
|
|||
|
7ffe8b6f9000
|
page read and write
|
|||
|
7f9fc611d000
|
page read and write
|
|||
|
7ffe8b6f9000
|
page read and write
|
|||
|
7f9fc65be000
|
page read and write
|
|||
|
7f9fc5d5b000
|
page read and write
|
|||
|
7f9f40428000
|
page read and write
|
|||
|
7ffe8b78f000
|
page execute read
|
|||
|
7f9fc0000000
|
page read and write
|
|||
|
7f9fc65b6000
|
page read and write
|
|||
|
55c2d4beb000
|
page read and write
|
|||
|
7ffe8b78f000
|
page execute read
|
|||
|
55c2d4be3000
|
page read and write
|
|||
|
7f9fc65b6000
|
page read and write
|
|||
|
7f9f4042d000
|
page read and write
|
|||
|
7ffe8b78f000
|
page execute read
|
|||
|
7f9fc65b6000
|
page read and write
|
|||
|
7f9fc5abe000
|
page read and write
|
|||
|
7f9fc5d5b000
|
page read and write
|
|||
|
55c2d49cd000
|
page execute read
|
|||
|
7f9fc5acc000
|
page read and write
|
|||
|
55c2d6c00000
|
page read and write
|
|||
|
55c2d71fc000
|
page read and write
|
|||
|
55c2d49cd000
|
page execute read
|
|||
|
7f9fc6142000
|
page read and write
|
|||
|
7f9fc6603000
|
page read and write
|
|||
|
7f9fc6142000
|
page read and write
|
|||
|
7f9fc0000000
|
page read and write
|
|||
|
7f9fc0021000
|
page read and write
|
|||
|
7f9fc0000000
|
page read and write
|
|||
|
7f9fc52bb000
|
page read and write
|
|||
|
55c2d49cd000
|
page execute read
|
|||
|
55c2d4beb000
|
page read and write
|
|||
|
55c2d49cd000
|
page execute read
|
|||
|
7f9fc0021000
|
page read and write
|
|||
|
7f9fc5d5b000
|
page read and write
|
|||
|
7f9f40417000
|
page execute read
|
|||
|
7f9fc0021000
|
page read and write
|
|||
|
7f9fc0000000
|
page read and write
|
|||
|
7f9fc6142000
|
page read and write
|
|||
|
7f9fc6603000
|
page read and write
|
|||
|
55c2d6be9000
|
page execute and read and write
|
|||
|
7f9fc6603000
|
page read and write
|
|||
|
55c2d49cd000
|
page execute read
|
|||
|
7f9fc52bb000
|
page read and write
|
|||
|
7f9fc5d5b000
|
page read and write
|
|||
|
7f9fc648d000
|
page read and write
|
|||
|
7f9fc5d5b000
|
page read and write
|
|||
|
7f9fc65be000
|
page read and write
|
|||
|
55c2d4beb000
|
page read and write
|
|||
|
7ffe8b6f9000
|
page read and write
|
|||
|
7f9fc52bb000
|
page read and write
|
|||
|
7f9f40428000
|
page read and write
|
|||
|
7f9fc5acc000
|
page read and write
|
|||
|
7f9fc65b6000
|
page read and write
|
|||
|
7f9fc65be000
|
page read and write
|
|||
|
55c2d71fc000
|
page read and write
|
|||
|
7f9f4042d000
|
page read and write
|
|||
|
7f9fc5d5b000
|
page read and write
|
|||
|
7f9fc0000000
|
page read and write
|
|||
|
7f9fc65be000
|
page read and write
|
|||
|
55c2d6c00000
|
page read and write
|
|||
|
7f9fc648d000
|
page read and write
|
|||
|
7f9fc611d000
|
page read and write
|
|||
|
7ffe8b6f9000
|
page read and write
|
|||
|
7f9fc5acc000
|
page read and write
|
|||
|
7f9fc65be000
|
page read and write
|
|||
|
55c2d71fc000
|
page read and write
|
|||
|
7ffe8b78f000
|
page execute read
|
|||
|
7ffe8b78f000
|
page execute read
|
|||
|
7f9fc6603000
|
page read and write
|
|||
|
7f9f40428000
|
page read and write
|
|||
|
7f9f40458000
|
page read and write
|
|||
|
7f9fc0000000
|
page read and write
|
|||
|
7f9fc52bb000
|
page read and write
|
|||
|
7f9f40417000
|
page execute read
|
|||
|
55c2d49cd000
|
page execute read
|
|||
|
7f9fc0000000
|
page read and write
|
|||
|
7f9fc52bb000
|
page read and write
|
|||
|
55c2d4be3000
|
page read and write
|
|||
|
7f9fc6142000
|
page read and write
|
|||
|
55c2d71fc000
|
page read and write
|
|||
|
7f9fc65be000
|
page read and write
|
|||
|
55c2d6c00000
|
page read and write
|
|||
|
7f9fc65b6000
|
page read and write
|
|||
|
7f9fc65be000
|
page read and write
|
|||
|
7f9fc611d000
|
page read and write
|
|||
|
7ffe8b6f9000
|
page read and write
|
|||
|
55c2d71fc000
|
page read and write
|
|||
|
55c2d4beb000
|
page read and write
|
|||
|
7f9fc648d000
|
page read and write
|
|||
|
55c2d6c00000
|
page read and write
|
|||
|
7f9fc52bb000
|
page read and write
|
|||
|
7f9f4042e000
|
page read and write
|
|||
|
7f9fc6142000
|
page read and write
|
|||
|
7f9f40417000
|
page execute read
|
|||
|
7f9fc648d000
|
page read and write
|
|||
|
7f9fc6603000
|
page read and write
|
|||
|
7f9f4042d000
|
page read and write
|
|||
|
7f9fc52bb000
|
page read and write
|
|||
|
7f9fc5abe000
|
page read and write
|
|||
|
55c2d4beb000
|
page read and write
|
|||
|
55c2d6be9000
|
page execute and read and write
|
|||
|
7f9fc611d000
|
page read and write
|
|||
|
7f9fc5abe000
|
page read and write
|
|||
|
7f9fc611d000
|
page read and write
|
|||
|
55c2d6be9000
|
page execute and read and write
|
|||
|
7f9f40430000
|
page read and write
|
|||
|
7f9f40417000
|
page execute read
|
|||
|
7f9f40430000
|
page read and write
|
|||
|
7f9f40430000
|
page read and write
|
|||
|
7f9fc5abe000
|
page read and write
|
|||
|
55c2d6be9000
|
page execute and read and write
|
|||
|
7f9f4042d000
|
page read and write
|
|||
|
7f9fc65b6000
|
page read and write
|
|||
|
55c2d49cd000
|
page execute read
|
|||
|
7f9fc6142000
|
page read and write
|
|||
|
7f9fc5abe000
|
page read and write
|
|||
|
55c2d71fc000
|
page read and write
|
|||
|
7f9f40428000
|
page read and write
|
|||
|
55c2d4be3000
|
page read and write
|
|||
|
7f9fc65be000
|
page read and write
|
|||
|
7f9fc65b6000
|
page read and write
|
|||
|
7f9fc65be000
|
page read and write
|
|||
|
55c2d6be9000
|
page execute and read and write
|
|||
|
7f9fc52bb000
|
page read and write
|
|||
|
7f9fc5d5b000
|
page read and write
|
|||
|
55c2d4beb000
|
page read and write
|
|||
|
55c2d4beb000
|
page read and write
|
|||
|
55c2d71fc000
|
page read and write
|
|||
|
7f9fc5acc000
|
page read and write
|
|||
|
7f9fc5abe000
|
page read and write
|
|||
|
7f9fc6142000
|
page read and write
|
|||
|
55c2d6c00000
|
page read and write
|
|||
|
7f9f40428000
|
page read and write
|
|||
|
7ffe8b6f9000
|
page read and write
|
|||
|
55c2d4beb000
|
page read and write
|
|||
|
7ffe8b78f000
|
page execute read
|
|||
|
55c2d49cd000
|
page execute read
|
|||
|
55c2d6c00000
|
page read and write
|
|||
|
55c2d6be9000
|
page execute and read and write
|
|||
|
7f9f40417000
|
page execute read
|
|||
|
7f9fc648d000
|
page read and write
|
|||
|
7f9f40430000
|
page read and write
|
|||
|
7f9fc5acc000
|
page read and write
|
|||
|
55c2d71fc000
|
page read and write
|
|||
|
7f9fc6142000
|
page read and write
|
|||
|
55c2d4be3000
|
page read and write
|
|||
|
7f9f4042d000
|
page read and write
|
|||
|
55c2d4beb000
|
page read and write
|
|||
|
7f9fc6142000
|
page read and write
|
|||
|
7ffe8b78f000
|
page execute read
|
|||
|
7f9f40458000
|
page read and write
|
|||
|
7f9f4042d000
|
page read and write
|
|||
|
55c2d4beb000
|
page read and write
|
|||
|
55c2d6c00000
|
page read and write
|
|||
|
7f9fc5acc000
|
page read and write
|
|||
|
7f9fc648d000
|
page read and write
|
|||
|
7f9fc52bb000
|
page read and write
|
|||
|
7f9fc65b6000
|
page read and write
|
|||
|
55c2d4be3000
|
page read and write
|
|||
|
7f9fc6142000
|
page read and write
|
|||
|
55c2d4be3000
|
page read and write
|
|||
|
7f9f4042d000
|
page read and write
|
|||
|
7ffe8b6f9000
|
page read and write
|
|||
|
7f9fc6142000
|
page read and write
|
|||
|
7f9f40417000
|
page execute read
|
|||
|
7f9f4042d000
|
page read and write
|
There are 255 hidden memdumps, click here to show them.