IOC Report
flow.elf


Files

File Path | Type | Category | Malicious
flow.elf | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=04804d3c31218f938502cbed5cdd1af09d59a8f0, for GNU/Linux 2.6.32, stripped | initial sample | malicious
/tmp/_MEIx67uLe/_cffi_backend.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ed2f400ec911275cdcfe419baa7399c5750f536b, with debug_info, not stripped | dropped |
/tmp/_MEIx67uLe/bcrypt/_bcrypt.abi3.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=59a01b5d3a6800fe52797e791ea5d81c655ba8b4, stripped | dropped |
/tmp/_MEIx67uLe/cryptography/hazmat/bindings/_openssl.abi3.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=1e6eae65decfe239e139e79ba14710c3ecabcf8d, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_bz2.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d17e3de2dc59aa2cb080a24acb809318862278b8, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_codecs_cn.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=271fec538389e0b44d93bb037e145a9713f821d5, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_codecs_hk.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=581b2b2daf99975167b6538c18db901765d86f7c, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_codecs_iso2022.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a955065648305a7a6a22a8e0292d83478a271559, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_codecs_jp.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=36b2c97398a3e8f38c5c79d43276ff7c1c26f02e, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_codecs_kr.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=f7ff5c1f0f55f047b291bf40d435181a57b06c3f, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_codecs_tw.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=bbe80590601c759b20687f46b428138371aa7766, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_contextvars.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3d85a5e9b32cd79ac70a020f158180e090ccf1a8, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_ctypes.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e92627054248c18027e5dcdac11df158041d594b, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_decimal.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7f8299dec6439d65236d86ce686c90e4e4e5d206, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_hashlib.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=bdd0048456f1021dab11fcdf8cea59ba8b84864b, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_json.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6aeb5e9ddaffc4186adf4a718d896d495dc491bc, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_lzma.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6d2f32d58a5df0728774fa80580ece4f44b5255d, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_multibytecodec.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b76ad1c2d4794921864e4a341e8df7b7a4519716, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_multiprocessing.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3d98325706828fff98c9c51b55470601a34b0050, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_opcode.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7318afefac295d968b1e800563ea0e44765649b1, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_posixshmem.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a893ad39bb16ba959725f0d20481efee588d2dde, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_queue.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a3c4e6f427190d92ae9db00bbb9548fa5c54fcc2, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_ssl.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=174b847b3e5356edcfcb9440b162efda7e57eae7, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/_uuid.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5f3d3bf42c567a8d3ccd8642a0b1e2dfeec11f43, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/mmap.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=da188afdc68626afc5bd36ad3b1dd89e8ff84032, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/readline.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=0176e2bbf93b1808600b9eea70363b299459711f, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/resource.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2ee58fae68a7aa956214eb225e72fcc44102ac67, stripped | dropped |
/tmp/_MEIx67uLe/lib-dynload/termios.cpython-310-x86_64-linux-gnu.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=20995ace64bf6184cc89bafd2d6dd344ffe4a064, stripped | dropped |
/tmp/_MEIx67uLe/libbz2.so.1.0 | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e56b62c27bcc7ace8f9be36b255bd7b31bfde405, stripped | dropped |
/tmp/_MEIx67uLe/libcrypto.so.3 | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, missing section headers at 4455664 | dropped |

Processes

Path | Cmdline | Malicious
/usr/bin/dash | - |
/usr/bin/rm | rm -f /tmp/tmp.9Q77JLay1z /tmp/tmp.M1BKrdKBH5 /tmp/tmp.qgT6A2WxQj |
/usr/bin/dash | - |
/usr/bin/rm | rm -f /tmp/tmp.9Q77JLay1z /tmp/tmp.M1BKrdKBH5 /tmp/tmp.qgT6A2WxQj |
/tmp/flow.elf | /tmp/flow.elf |
/tmp/flow.elf | - |
/tmp/flow.elf | /tmp/flow.elf |

URLs


IPs

IP | Domain | Country | Malicious
109.202.202.202 | unknown | Switzerland |
91.189.91.43 | unknown | United Kingdom |
91.189.91.42 | unknown | United Kingdom |

Memdumps
