IOC Report
IV2tBGzAOn.elf

Processes

Path | Cmdline | Malicious
/tmp/IV2tBGzAOn.elf | /tmp/IV2tBGzAOn.elf |
/tmp/IV2tBGzAOn.elf | - |
/tmp/IV2tBGzAOn.elf | - |
/tmp/IV2tBGzAOn.elf | - |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions" |

(6 additional processes are hidden in the report view and not reproduced here.)

Note: the /usr/bin/xfce4-panel and wrapper-2.0 entries are the Xfce desktop panel and its plugin host processes running in the sandbox guest; a "-" in the Cmdline column means the report recorded no command line for that process.

Domains

Name | IP | Malicious
daisy.ubuntu.com | 162.213.35.24 |

Note: daisy.ubuntu.com is the Ubuntu error-tracker endpoint that whoopsie contacts after a program crash, so this lookup is most likely guest-OS background traffic rather than infrastructure belonging to the sample; treat it as a weak indicator at best.

IPs

IP | Domain | Country | Malicious
37.221.93.146 | unknown | Germany |

Memdumps

Base Address | Regiontype | Protect | Malicious
7f014401f000 | | page execute read | malicious
7f014401f000 | | page execute read | malicious
7f0144031000 | | page read and write |
7f024925b000 | | page read and write |
7f0244021000 | | page read and write |
55bb42d3e000 | | page read and write |
7f024925b000 | | page read and write |
7fffd686c000 | | page read and write |
7f0249b03000 | | page read and write |
7f0249642000 | | page read and write |
7f0244021000 | | page read and write |
7f0244000000 | | page read and write |
55bb42b07000 | | page execute read |
7f0144030000 | | page read and write |
55bb42b07000 | | page execute read |
7f0248fbe000 | | page read and write |
7f0249abe000 | | page read and write |
7f024998d000 | | page read and write |
7f0249642000 | | page read and write |
7f0248fbe000 | | page read and write |
7f02487bb000 | | page read and write |
55bb44d3c000 | | page execute and read and write |
55bb44d3c000 | | page execute and read and write |
55bb44d53000 | | page read and write |
7f0144031000 | | page read and write |
7f0144030000 | | page read and write |
55bb44d53000 | | page read and write |
7fffd686c000 | | page read and write |
55bb42d3e000 | | page read and write |
55bb42d35000 | | page read and write |
7f02487bb000 | | page read and write |
7f0249ab6000 | | page read and write |
7f0249ab6000 | | page read and write |
55bb46036000 | | page read and write |
7f024961d000 | | page read and write |
7f0249b03000 | | page read and write |
55bb42d35000 | | page read and write |
7f024961d000 | | page read and write |
7f0244000000 | | page read and write |
7f0248fcc000 | | page read and write |
7fffd696f000 | | page execute read |
7fffd696f000 | | page execute read |
7f024998d000 | | page read and write |
7f0249abe000 | | page read and write |
7f0248fcc000 | | page read and write |
55bb46036000 | | page read and write |

(36 additional memdumps are hidden in the report view and not reproduced here. The Regiontype column carries no values in this export.)
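The sandbox's "malicious" tag in the Memdumps section marks only the two execute-read dumps at 7f014401f000. A check a practitioner would usually run alongside that tag is a W^X test: any region that is writable and executable at the same time (here 55bb44d3c000, "page execute and read and write", which the report leaves untagged) is worth a closer look because legitimately loaded code is normally mapped read-execute only. The script below is an added example, not part of the report or of the sandbox that produced it. It parses the flattened layout the report uses (one line with the base address, one with the protection string, an optional "malicious" line), and the assumption that every row follows exactly that shape is the only structural assumption it makes; the embedded input is a subset of the report's own rows, copied verbatim.

```python
"""W^X check over a sandbox IOC report's Memdumps rows.

Added example; not part of the original report or of any sandbox tool.
It parses the report's flattened three-line rows (base address,
protection string, optional "malicious" tag) and flags regions that are
writable and executable at once, which the report's own tag does not cover.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Subset of the report's own Memdumps rows, embedded here as sample input.
REPORT_MEMDUMPS = """
7f014401f000
page execute read
malicious
7f014401f000
page execute read
malicious
7f0144031000
page read and write
55bb42d3e000
page read and write
7fffd686c000
page read and write
55bb42b07000
page execute read
55bb44d3c000
page execute and read and write
55bb44d3c000
page execute and read and write
55bb44d53000
page read and write
7fffd696f000
page execute read
"""

ADDR_RE = re.compile(r"^[0-9a-f]{1,16}$")  # bare hex base address, no 0x prefix


@dataclass(frozen=True)
class Region:
    base: int
    readable: bool
    writable: bool
    executable: bool
    sandbox_flagged: bool  # the report's own "malicious" tag

    @property
    def wx(self) -> bool:
        """True when the region violates W^X (writable and executable)."""
        return self.writable and self.executable


def parse_protect(text: str) -> tuple[bool, bool, bool]:
    """Map a protection string such as 'page execute and read and write'
    to (readable, writable, executable); word order does not matter."""
    words = set(text.lower().split())
    return ("read" in words, "write" in words, "execute" in words)


def parse_memdumps(text: str) -> list[Region]:
    """Walk the flattened rows. Raises ValueError on anything that is not
    an address line followed by a protection line, so a stray header such
    as 'Base Address' is reported instead of silently misparsed."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    regions: list[Region] = []
    i = 0
    while i < len(lines):
        addr = lines[i]
        prot = lines[i + 1] if i + 1 < len(lines) else ""
        if not ADDR_RE.match(addr) or not prot.startswith("page"):
            raise ValueError(f"unexpected row at entry {i}: {addr!r} / {prot!r}")
        flagged = i + 2 < len(lines) and lines[i + 2] == "malicious"
        r, w, x = parse_protect(prot)
        regions.append(Region(int(addr, 16), r, w, x, flagged))
        i += 3 if flagged else 2
    return regions


def is_well_formed(text: str) -> bool:
    """Convenience wrapper: True if the text parses, False otherwise."""
    try:
        parse_memdumps(text)
        return True
    except ValueError:
        return False


def wx_violations(regions: list[Region]) -> list[int]:
    """Distinct base addresses of regions that are writable and executable."""
    return sorted({r.base for r in regions if r.wx})


def sandbox_flagged(regions: list[Region]) -> list[int]:
    """Distinct base addresses the report itself tagged as malicious."""
    return sorted({r.base for r in regions if r.sandbox_flagged})


def executable_unflagged(regions: list[Region]) -> list[int]:
    """Executable regions the report did not tag: the ones a W^X or
    image-backing check has to judge on its own."""
    return sorted({r.base for r in regions if r.executable and not r.sandbox_flagged})


if __name__ == "__main__":
    regs = parse_memdumps(REPORT_MEMDUMPS)
    print(f"{len(regs)} dumps parsed")
    print("W^X violations:      ", [hex(b) for b in wx_violations(regs)])
    print("tagged by sandbox:   ", [hex(b) for b in sandbox_flagged(regs)])
    print("executable, untagged:", [hex(b) for b in executable_unflagged(regs)])
```

On the report's rows this separates three things the single "malicious" column runs together: the regions the sandbox tagged (7f014401f000), the RWX region it did not (55bb44d3c000), and executable regions that are untagged and not RWX (55bb42b07000, 7fffd696f000) and therefore need a separate decision based on whether they are backed by the sample's own image or a known library. Duplicate rows for the same base address are collapsed because they are dumps of one region, not distinct regions.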