IOC Report
17NhHArVe7.elf


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| 17NhHArVe7.elf | ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (GNU/Linux), statically linked, no section header | initial sample | malicious |
| /home/saturnino/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml.new | XML 1.0 document, ASCII text | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| /tmp/17NhHArVe7.elf | /tmp/17NhHArVe7.elf | |
| /tmp/17NhHArVe7.elf | - | |
| /tmp/17NhHArVe7.elf | - | |
| /tmp/17NhHArVe7.elf | - | |
| /usr/bin/xfce4-panel | - | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear" | |
| /usr/bin/xfce4-panel | - | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)" | |
| /usr/bin/xfce4-panel | - | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system" | |
| /usr/bin/xfce4-panel | - | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display" | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | - | |
| /usr/sbin/xfpm-power-backlight-helper | /usr/sbin/xfpm-power-backlight-helper --get-max-brightness | |
| /usr/bin/xfce4-panel | - | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel" | |
| /usr/bin/xfce4-panel | - | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions" | |
| /usr/bin/dbus-daemon | - | |
| /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd | /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd | |
| /usr/lib/systemd/systemd | - | |
| /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd | /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd | |

12 further processes are not included in this listing.

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| http://upx.sf.net | unknown | malicious |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| daisy.ubuntu.com | 162.213.35.24 | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 37.221.93.146 | unknown | Germany | |

Memdumps
