IOC Report
firmware.i686.elf

Files

File Path | Type | Category | Malicious
firmware.i686.elf | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped | initial sample | malicious
/usr/bin/myirnra | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped | dropped | malicious
/var/spool/cron/crontabs/root | ASCII text | dropped | malicious
/var/spool/cron/crontabs/tmp.Y9ZHp2 | ASCII text | dropped | malicious
/var/spool/cron/crontabs/tmp.tiEfc5 | ASCII text | dropped | malicious
/etc/allah_is_prick.html | HTML document, ASCII text, with very long lines (360), with no line terminators | dropped |
/etc/d | ASCII text | dropped |
/home/allah_is_prick.html | HTML document, ASCII text, with very long lines (360), with no line terminators | dropped |
/mnt/allah_is_prick.html | HTML document, ASCII text, with very long lines (360), with no line terminators | dropped |
/root/allah_is_prick.html | HTML document, ASCII text, with very long lines (360), with no line terminators | dropped |
/tmp/allah_is_prick.html | HTML document, ASCII text, with very long lines (11520), with no line terminators | dropped |
/var/allah_is_prick.html | HTML document, ASCII text, with very long lines (360), with no line terminators | dropped |
2 further files are hidden in the original report and not listed here.

Processes

Path | Cmdline | Malicious
/tmp/firmware.i686.elf | /tmp/firmware.i686.elf |
/tmp/firmware.i686.elf | - |
/tmp/firmware.i686.elf | - |
/tmp/firmware.i686.elf | - |
/tmp/firmware.i686.elf | - |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/tmp/firmware.i686.elf | - |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "crontab /var/spool/cron/crontabs/root" |
/bin/sh | - |
/usr/bin/crontab | crontab /var/spool/cron/crontabs/root |
/tmp/firmware.i686.elf | - |
/tmp/firmware.i686.elf | - |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/tmp/firmware.i686.elf | - |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "hostname -I" |
/bin/sh | - |
/usr/bin/hostname | hostname -I |
/tmp/firmware.i686.elf | - |
/tmp/firmware.i686.elf | - |
/bin/sh | sh -c "crontab /var/spool/cron/crontabs/root" |
/bin/sh | - |
/usr/bin/crontab | crontab /var/spool/cron/crontabs/root |
143 further processes are hidden in the original report and not listed here.

URLs

Name | IP | Malicious
http://188.120.250.185/ | 188.120.250.185 |
http://92.53.96.216/ | 92.53.96.216 |
http://188.114.97.3/ | 188.114.97.3 |
http://81.200.116.145/ | 81.200.116.145 |
http://185.114.245.193/ | 185.114.245.193 |
http://31.177.80.70/ | 31.177.80.70 |
http://91.226.31.93/ | 91.226.31.93 |
http://188.114.96.3/ | 188.114.96.3 |
http://185.135.82.191/ | 185.135.82.191 |
http://5.188.30.5/ | 5.188.30.5 |
http://95.216.24.109/ | 95.216.24.109 |
http://194.35.119.93/ | 194.35.119.93 |
http://31.31.198.43/ | 31.31.198.43 |
http://62.122.170.171/ | 62.122.170.171 |
http://91.193.180.124/ | 91.193.180.124 |
http://90.188.239.74/ | 90.188.239.74 |
http://138.68.84.37/ | 138.68.84.37 |
http://5.253.60.47/ | 5.253.60.47 |
http://188.114.97.9/ | 188.114.97.9 |
http://91.226.31.82/ | 91.226.31.82 |
http://31.31.205.31/ | 31.31.205.31 |
http://94.228.126.97/ | 94.228.126.97 |
http://37.193.7.55/ | 37.193.7.55 |
http://176.31.179.191/ | 176.31.179.191 |
http://185.189.15.13/ | 185.189.15.13 |
http://194.67.71.9/ | 194.67.71.9 |
http://159.69.115.63/ | 159.69.115.63 |
http://151.101.1.195/ | 151.101.1.195 |
http://31.177.76.145/ | 31.177.76.145 |
http://77.223.111.18/ | 77.223.111.18 |
http://178.208.83.16/ | 178.208.83.16 |
http://176.99.9.90/ | 176.99.9.90 |
http://194.67.71.29/ | 194.67.71.29 |
http://92.53.96.137/ | 92.53.96.137 |
http://185.215.4.61/ | 185.215.4.61 |
http://151.101.65.195/ | 151.101.65.195 |
http://185.133.42.146/ | 185.133.42.146 |
http://194.58.112.165/ | 194.58.112.165 |
http://90.156.201.19/ | 90.156.201.19 |
http://188.114.96.9/ | 188.114.96.9 |
http://87.236.16.242/ | 87.236.16.242 |
http://89.108.116.108/ | 89.108.116.108 |
http://217.25.92.227/ | 217.25.92.227 |
http://157.230.19.197/ | 157.230.19.197 |
http://31.177.76.70/ | 31.177.76.70 |
http://90.156.201.70/ | 90.156.201.70 |
http://194.58.112.174/ | 194.58.112.174 |
http://84.42.40.126/ | 84.42.40.126 |
http://90.156.201.102/ | 90.156.201.102 |
http://31.31.205.163/ | 31.31.205.163 |
http://92.53.96.37/ | 92.53.96.37 |
http://77.222.62.180/ | 77.222.62.180 |
http://5.188.31.142/ | 5.188.31.142 |
43 further URLs are hidden in the original report and not listed here.

Domains

Name | IP | Malicious
kece.ru | 138.68.84.37 |
ebfa.ru | 31.31.205.163 |
ecda.ru | 62.122.170.171 |
www.ckea.ru | 194.120.116.196 |
www.dack.ru | 62.122.170.171 |
kkfk.ru | 194.58.112.165 |
www.kkfk.ru | 194.58.112.165 |
cflb.ru | 90.156.201.19 |
www.cflb.ru | 90.156.201.70 |
www.ebfa.ru | 31.31.205.163 |
www.allk.ru | 185.189.15.13 |
ckef.ru | 31.31.198.43 |
fcll.ru | 185.215.4.61 |
www.fdbk.ru | 62.122.170.171 |
bbda.ru | 81.200.116.145 |
www.abkb.ru | 95.216.24.109 |
baff.ru | 178.208.83.16 |
www.bkfc.ru | 188.114.96.3 |
cdke.ru | 91.193.180.124 |
www.kece.ru | 138.68.84.37 |
abkb.ru | 95.216.24.109 |
www.ecda.ru | 62.122.170.171 |
www.abca.ru | 90.188.239.74 |
dack.ru | 62.122.170.171 |
ckea.ru | 45.159.211.121 |
www.aeal.ru | 31.31.205.163 |
acaa.ru | 92.53.96.137 |
www.lafc.ru | 62.122.170.171 |
abca.ru | 90.188.239.74 |
www.cdke.ru | 91.193.180.124 |
dfeb.ru | 31.31.205.163 |
www.leea.ru | 31.31.205.31 |
akkk.ru | 194.58.112.165 |
www.lkca.ru | 62.122.170.171 |
www.kalb.ru | 62.122.170.171 |
ekac.ru | 62.122.170.171 |
www.aalf.ru | 62.122.170.171 |
aeal.ru | 31.31.205.163 |
www.kfaf.ru | 194.58.112.165 |
aaae.ru | 31.177.76.145 |
www.kaka.ru | 151.101.1.195 |
allk.ru | 185.189.15.13 |
eaec.ru | 62.122.170.171 |
clce.ru | 5.188.31.142 |
lafa.ru | 89.108.116.108 |
www.kdle.ru | 31.31.205.163 |
fdfa.ru | 159.69.115.63 |
www.ecck.ru | 185.114.245.193 |
www.lacb.ru | 62.122.170.171 |
www.kefe.ru | 31.177.76.145 |
cbfd.ru | 31.31.205.163 |
www.bbda.ru | 81.200.116.145 |
www.cdaf.ru | 194.35.119.93 |
kaec.ru | 62.122.170.171 |
www.clce.ru | 5.188.31.142 |
www.dcfa.ru | 62.122.170.171 |
cdlk.ru | 188.114.97.3 |
www.baea.ru | 31.31.205.163 |
bkkd.ru | 77.223.111.18 |
www.efeb.ru | 62.122.170.171 |
ccbd.ru | 62.122.170.171 |
www.bklk.ru | 194.58.112.165 |
stalker.bkdc.ru | 84.42.40.126 |
www.alad.ru | 92.53.96.37 |
www.bead.ru | 62.122.170.171 |
www.kaec.ru | 62.122.170.171 |
www.ckda.ru | 62.122.170.171 |
baea.ru | 31.31.205.163 |
www.edla.ru | 31.31.205.163 |
www.eclf.ru | 159.69.115.63 |
www.eddc.ru | 31.31.205.163 |
www.ckdl.ru | 87.236.16.242 |
www.keal.ru | 62.122.170.171 |
ckda.ru | 62.122.170.171 |
bebc.ru | 185.135.82.191 |
www.ddae.ru | 194.58.112.165 |
www.cada.ru | 62.122.170.171 |
www.bakd.ru | 194.58.112.174 |
www.elkd.ru | 62.122.170.171 |
addl.ru | 62.122.170.171 |
www.bdfa.ru | 92.53.96.216 |
bklk.ru | 194.58.112.165 |
www.ekec.ru | 5.253.60.47 |
www.baac.ru | 62.122.170.171 |
acad.ru | 176.31.179.191 |
dakk.ru | 62.122.170.171 |
www.caef.ru | 31.31.205.163 |
www.ffaa.ru | 194.67.71.137 |
eclf.ru | 159.69.115.63 |
ffka.ru | 194.58.112.165 |
ecck.ru | 185.114.245.193 |
www.daea.ru | 159.69.115.63 |
alea.ru | 77.222.62.180 |
lafc.ru | 62.122.170.171 |
kefe.ru | 31.177.76.145 |
cacc.ru | 62.122.170.171 |
www.kadb.ru | 217.25.92.227 |
aebd.ru | 31.31.205.163 |
lkca.ru | 62.122.170.171 |
www.dfeb.ru | 31.31.205.163 |
90 further domains are hidden in the original report and not listed here.

IPs

IP | Domain | Country | Malicious
34.66.215.63 | unknown | United States |
152.193.145.120 | unknown | United States |
206.99.213.220 | unknown | United States |
178.111.0.90 | unknown | United Kingdom |
82.254.63.89 | unknown | France |
97.132.71.227 | unknown | United States |
82.139.19.84 | unknown | Poland |
36.138.53.66 | unknown | China |
137.91.147.18 | unknown | United States |
98.169.236.218 | unknown | United States |
137.172.32.60 | unknown | Australia |
78.90.114.223 | unknown | Bulgaria |
197.74.23.196 | unknown | South Africa |
174.40.156.240 | unknown | United States |
128.226.179.163 | unknown | United States |
186.92.151.159 | unknown | Venezuela |
48.198.247.20 | unknown | United States |
119.255.209.43 | unknown | China |
165.254.178.121 | unknown | United States |
206.156.198.186 | unknown | United States |
140.65.94.15 | unknown | United States |
31.150.140.37 | unknown | Germany |
68.4.66.139 | unknown | United States |
139.111.106.20 | unknown | Norway |
82.41.175.78 | unknown | United Kingdom |
116.83.154.239 | unknown | Japan |
35.32.155.24 | unknown | United States |
43.103.185.11 | unknown | Japan |
199.19.226.246 | unknown | United States |
184.61.245.103 | unknown | United States |
98.113.155.255 | unknown | United States |
86.84.176.161 | unknown | Netherlands |
175.234.255.110 | unknown | Korea Republic of |
37.125.147.153 | unknown | Saudi Arabia |
120.73.10.239 | unknown | Korea Republic of |
185.65.144.50 | unknown | United Kingdom |
106.35.116.203 | unknown | China |
123.16.108.8 | unknown | Viet Nam |
190.100.12.214 | unknown | Chile |
90.230.170.29 | unknown | Sweden |
53.68.184.32 | unknown | Germany |
80.5.214.186 | unknown | United Kingdom |
27.98.176.63 | unknown | Japan |
140.223.47.143 | unknown | United States |
57.238.159.120 | unknown | Belgium |
199.213.215.123 | unknown | Canada |
88.227.117.41 | unknown | Turkey |
223.178.158.97 | unknown | India |
180.213.17.105 | unknown | China |
51.238.2.190 | unknown | United Kingdom |
85.172.70.234 | unknown | Russian Federation |
183.243.36.173 | unknown | China |
68.241.129.226 | unknown | United States |
132.79.16.137 | unknown | United States |
161.69.89.13 | unknown | United States |
85.43.80.219 | unknown | Italy |
163.153.156.52 | unknown | United States |
147.21.251.179 | unknown | United States |
194.46.141.120 | unknown | United Kingdom |
117.186.47.19 | unknown | China |
217.104.228.180 | unknown | Netherlands |
211.144.2.13 | unknown | China |
79.234.215.69 | unknown | Germany |
155.212.41.159 | unknown | United States |
172.144.206.253 | unknown | United States |
49.202.62.57 | unknown | India |
104.199.158.91 | unknown | United States |
139.255.236.171 | unknown | Indonesia |
81.43.97.141 | unknown | Spain |
72.228.47.168 | unknown | United States |
186.78.78.180 | unknown | Chile |
5.154.26.51 | unknown | Spain |
221.208.190.30 | unknown | China |
128.11.66.136 | unknown | United States |
8.158.86.58 | unknown | Singapore |
108.224.38.0 | unknown | United States |
112.146.115.227 | unknown | Korea Republic of |
70.235.78.64 | unknown | United States |
14.236.47.213 | unknown | Viet Nam |
222.217.93.104 | unknown | China |
154.15.213.121 | unknown | Switzerland |
123.1.163.35 | unknown | Hong Kong |
160.36.255.183 | unknown | United States |
50.55.21.131 | unknown | United States |
176.97.113.111 | unknown | Ukraine |
135.111.123.115 | unknown | United States |
118.38.253.220 | unknown | Korea Republic of |
20.222.27.101 | unknown | United States |
119.43.129.90 | unknown | India |
23.133.38.25 | unknown | Reserved |
60.95.78.58 | unknown | Japan |
81.23.46.150 | unknown | France |
147.190.29.115 | unknown | United States |
100.194.0.61 | unknown | United States |
181.122.141.219 | unknown | Paraguay |
188.144.201.198 | unknown | Germany |
25.114.228.155 | unknown | United Kingdom |
123.8.97.82 | unknown | China |
93.43.64.29 | unknown | Italy |
48.135.253.233 | unknown | United States |
90 further IPs are hidden in the original report and not listed here.

Memdumps

Base Address | Regiontype | Protect | Malicious
8062000 | | page read and write |
f7fba000 | | page execute read |
8061000 | | page execute read |
ff860000 | | page read and write |
84f7000 | | page read and write |
8064000 | | page read and write |