Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| 84.elf | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=fdb92fd0de3892fc2176220c6694f8eee61d4fa3, stripped | initial sample | |
| /root/.config/autostart/gvfs.desktop | ASCII text | dropped | |
| /root/.gvfs/84.elf | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=fdb92fd0de3892fc2176220c6694f8eee61d4fa3, stripped | dropped | |
| /tmp/_MEITTIAO4/_cffi_backend.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a8065860edce18a4dc4eef124c5ef5186663c879, stripped | dropped | |
| /tmp/_MEITTIAO4/_codecs_cn.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=514db53237f2feae68b921059fd270fb13189922, stripped | dropped | |
| /tmp/_MEITTIAO4/_codecs_hk.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=97e4ead34d3cee0d9e177d17cfa5b6ce7bd75c9f, stripped | dropped | |
| /tmp/_MEITTIAO4/_codecs_iso2022.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=327305681b550044f7c7d3974bb02e611a5f0d66, stripped | dropped | |
| /tmp/_MEITTIAO4/_codecs_jp.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=de2862cf1c79ce588099c9e88107338eb803b6b4, stripped | dropped | |
| /tmp/_MEITTIAO4/_codecs_kr.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5f5a1cace8de7365928cd69d9c22f52f019b499d, stripped | dropped | |
| /tmp/_MEITTIAO4/_codecs_tw.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=9c3201f16e000ddb42f5b2b5ba4eb2cb37701577, stripped | dropped | |
| /tmp/_MEITTIAO4/_ctypes.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=9eb871f4b7c1f223cd7928397c52ec239b80d664, stripped | dropped | |
| /tmp/_MEITTIAO4/_hashlib.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=0f3b6573a291ea8cb69408512d6bdab7de25b832, stripped | dropped | |
| /tmp/_MEITTIAO4/_json.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7465cc284b75613923b1ffde62d40bf513654c26, stripped | dropped | |
| /tmp/_MEITTIAO4/_multibytecodec.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b3a1858bab7ca02b90b913ccedb9ce5019a489df, stripped | dropped | |
| /tmp/_MEITTIAO4/_ssl.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=566fc01e70b4bb52cc045ec9c932495462369c23, stripped | dropped | |
| /tmp/_MEITTIAO4/bz2.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=666dba81d12c5e460272832aa9823d35642a949c, stripped | dropped | |
| /tmp/_MEITTIAO4/certifi/cacert.pem | ASCII text | dropped | |
| /tmp/_MEITTIAO4/certifi/old_root.pem | ASCII text | dropped | |
| /tmp/_MEITTIAO4/certifi/weak.pem | ASCII text | dropped | |
| /tmp/_MEITTIAO4/cryptography-2.1.4-py2.7.egg-info/PKG-INFO | ASCII text | dropped | |
| /tmp/_MEITTIAO4/cryptography-2.1.4-py2.7.egg-info/dependency_links.txt | very short file (no magic) | dropped | |
| /tmp/_MEITTIAO4/cryptography-2.1.4-py2.7.egg-info/not-zip-safe | very short file (no magic) | dropped | |
| /tmp/_MEITTIAO4/cryptography-2.1.4-py2.7.egg-info/requires.txt | ASCII text | dropped | |
| /tmp/_MEITTIAO4/cryptography-2.1.4-py2.7.egg-info/top_level.txt | ASCII text | dropped | |
| /tmp/_MEITTIAO4/cryptography.hazmat.bindings._constant_time.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=26260b2f19ee2371e0719b4e5f18680e1737851a, stripped | dropped | |
| /tmp/_MEITTIAO4/cryptography.hazmat.bindings._openssl.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=0ead53b947feba0a793eddad8400ae751a20c5ba, stripped | dropped | |
| /tmp/_MEITTIAO4/libbz2.so.1.0 | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a4147045409ed969e6f3936f3726726f4719bb40, stripped | dropped | |
| /tmp/_MEITTIAO4/libcrypto.so.1.1 | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=9349f6f4db60009a53cebe1e05c7056992595a36, stripped | dropped | |
| /tmp/_MEITTIAO4/libexpat.so.1 | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=49976d874cc89dfcebf8c5dbf329149bfb40dab5, stripped | dropped | |
| /tmp/_MEITTIAO4/libffi.so.6 | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3555b5f599c9787dfddbf9e8df6f706b9044d985, stripped | dropped | |
| /tmp/_MEITTIAO4/libpython2.7.so.1.0 | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8a23a5727eea537355146d8842ad700ee02ac49c, stripped | dropped | |
| /tmp/_MEITTIAO4/libreadline.so.7 | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a21b81c1855c6444bc915d9331ab19923fa22c66, stripped | dropped | |
| /tmp/_MEITTIAO4/libssl.so.1.1 | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ca742a427e7aef089b39c4d773c20ea9e074ce8e, stripped | dropped | |
| /tmp/_MEITTIAO4/libtinfo.so.5 | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d20dc4f7881d9dd170d87fea8eec2a18e4949008, stripped | dropped | |
| /tmp/_MEITTIAO4/libz.so.1 | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ef3e006dfe3132a41d4d4dc0e407d6ea658e11c4, stripped | dropped | |
| /tmp/_MEITTIAO4/pyexpat.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=1fcab5ed75e10a3179769960716824a2e17cb3dd, stripped | dropped | |
| /tmp/_MEITTIAO4/readline.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=c153df9ee2f261c40fe564523ef2832027b0a8eb, stripped | dropped | |
| /tmp/_MEITTIAO4/resource.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=c69be48495f38778b2cf5753d7227d244f3de847, stripped | dropped | |
| /tmp/_MEITTIAO4/termios.so | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8045f1e14355ca6e3ea401dd8e3a49d7142ab8a0, stripped | dropped | |
| /tmp/list.txt | ASCII text | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.dyRqBbtRkK /tmp/tmp.wSbLfeKNbu /tmp/tmp.up7UPCnJlz | |
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.dyRqBbtRkK /tmp/tmp.wSbLfeKNbu /tmp/tmp.up7UPCnJlz | |
| /tmp/84.elf | /tmp/84.elf | |
| /tmp/84.elf | - | |
| /tmp/84.elf | /tmp/84.elf | |
| /tmp/84.elf | - | |
| /sbin/ldconfig | /sbin/ldconfig -p | |
| /sbin/ldconfig.real | /sbin/ldconfig.real -p | |
| /tmp/84.elf | - | |
| /bin/sh | sh -c "uname -p 2> /dev/null" | |
| /bin/sh | - | |
| /usr/bin/uname | uname -p | |
| /tmp/84.elf | - | |
| /bin/sh | sh -c "cd; find . -type f > /tmp/list.txt" | |
| /bin/sh | - | |
| /usr/bin/find | find . -type f | |
| /tmp/84.elf | - | |
| /bin/sh | sh -c "chmod +x /root/.gvfs/84.elf" | |
| /bin/sh | - | |
| /usr/bin/chmod | chmod +x /root/.gvfs/84.elf | |
| /usr/lib/systemd/systemd | - | |
| /usr/sbin/uuidd | /usr/sbin/uuidd --socket-activation | |
URLs

| Name | IP | Malicious |
|---|---|---|
| http://84.247.176.126:33548/api/root_265403912816988/hello | 84.247.176.126 | |
| http://84.247.176.126:33548/api/root_265403912816988/upload | 84.247.176.126 | |
| http://python.org/dev/peps/pep-0263/ | unknown | |
| https://img.shields.io/pypi/v/cryptography.svg | unknown | |
| http://www.valicert.com/ | unknown | |
| http://www.unicode.org/reports/tr44/tr44-4.html). | unknown | |
| https://github.com/pyca/cryptography | unknown | |
| https://cryptography.io/ | unknown | |
| https://pypi.python.org/pypi/cryptography/ | unknown | |
| https://mail.python.org/mailman/listinfo/cryptography-dev | unknown | |
| https://codecov.io/github/pyca/cryptography?branch=master | unknown | |
| https://codecov.io/github/pyca/cryptography/coverage.svg?branch=master | unknown | |
| https://travis-ci.org/pyca/cryptography.svg?branch=master | unknown | |
| http://www.unicode.org/reports/tr44/tr44-4.html).xxsubtype | unknown | |
| https://travis-ci.org/pyca/cryptography | unknown | |
| https://cryptography.io | unknown | |
| https://github.com/pyca/cryptography/issues | unknown | |
| https://readthedocs.org/projects/cryptography/badge/?version=latest | unknown | |
| http://www.chambersign.org | unknown | |
| https://cryptography.io/en/latest/installation/ | unknown | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 84.247.176.126 | unknown | Norway | |
| 54.171.230.55 | unknown | United States | |
| 109.202.202.202 | unknown | Switzerland | |
| 91.189.91.43 | unknown | United Kingdom | |
| 91.189.91.42 | unknown | United Kingdom | |
Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 7f3c0c038000 | | page read and write | |
| 7fff3bfbc000 | | page read and write | |
| 2458000 | | page read and write | |
| 408000 | | page execute read | |
| 7f3c0c293000 | | page read and write | |
| 7f3c0c22a000 | | page read and write | |
| 618000 | | page read and write | |
| 7fff3bfdb000 | | page execute read | |
| 608000 | | page read and write | |
| 7f3c0c24e000 | | page read and write | |