IOC Report
na.elf


Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.xbgCNgoT0n /tmp/tmp.EmzAJqfg9z /tmp/tmp.3icbhRhNLR | |
| /usr/bin/dash | - | |
| /usr/bin/cat | cat /tmp/tmp.xbgCNgoT0n | |
| /usr/bin/dash | - | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | - | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | - | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | - | |
| /usr/bin/cat | cat /tmp/tmp.xbgCNgoT0n | |
| /usr/bin/dash | - | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | - | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | - | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.xbgCNgoT0n /tmp/tmp.EmzAJqfg9z /tmp/tmp.3icbhRhNLR | |
| /tmp/na.elf | /tmp/na.elf | |
| /tmp/na.elf | - | |
| /tmp/na.elf | - | |

Domains

| Name | IP | Malicious |
|---|---|---|
| xz33006.h52l.com | 181.41.196.16 | malicious |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 181.41.196.16 | xz33006.h52l.com | Chile | malicious |

Memdumps

Base Address
Regiontype
Protect
Malicious
7f048402d000
page execute read
malicious
7f048403a000
page read and write
7ffe15f1f000
page read and write
7f058c8d1000
page read and write
7f058c8ae000
page read and write
7f058c2e1000
page read and write
7f0583fff000
page read and write
7f058ca3d000
page read and write
5565fe02c000
page read and write
7f058cc1f000
page read and write
5565fbdbd000
page execute read
5565febc9000
page read and write
7f0584021000
page read and write
7f058ba47000
page read and write
7f058cf4d000
page read and write
5565fc00e000
page read and write
7f0484035000
page read and write
7f058c643000
page read and write
7f058ce00000
page read and write
7ffe15f29000
page execute read
5565fc017000
page read and write
7f058cf29000
page read and write
5565fe015000
page execute and read and write
7f058cf92000
page read and write
7f058c24f000
page read and write