Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
na.elf
|
ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
|
initial sample
|
||
/home/saturnino/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml.new
|
XML 1.0 document, ASCII text
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
/tmp/na.elf
|
/tmp/na.elf
|
||
/tmp/na.elf
|
-
|
||
/tmp/na.elf
|
-
|
||
/tmp/na.elf
|
-
|
||
/usr/bin/xfce4-panel
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray
"Notification Area" "Area where notification icons appear"
|
||
/usr/bin/xfce4-panel
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921
statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
|
||
/usr/bin/xfce4-panel
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8
12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
|
||
/usr/bin/xfce4-panel
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9
12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness
of your display"
|
||
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
-
|
||
/usr/sbin/xfpm-power-backlight-helper
|
/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
|
||
/usr/bin/xfce4-panel
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so
10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
|
||
/usr/bin/xfce4-panel
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
|
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925
actions "Action Buttons" "Log out, lock or other system actions"
|
||
/usr/bin/dbus-daemon
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
|
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
|
/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
|
There are 12 hidden processes, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
daisy.ubuntu.com
|
162.213.35.25
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
188.212.158.45
|
unknown
|
Romania
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
7ff22c40c000
|
page execute read
|
|||
7ff22c40c000
|
page execute read
|
|||
7ff22c40c000
|
page execute read
|
|||
7ff2b47bc000
|
page read and write
|
|||
560d9f62f000
|
page read and write
|
|||
7ff2b47ca000
|
page read and write
|
|||
7ffc02e90000
|
page execute read
|
|||
560d9f62f000
|
page read and write
|
|||
560d9c06f000
|
page execute read
|
|||
7ff22c41d000
|
page read and write
|
|||
560d9c06f000
|
page execute read
|
|||
7ff2b4a59000
|
page read and write
|
|||
560d9c285000
|
page read and write
|
|||
7ff2ac021000
|
page read and write
|
|||
7ff2b4e1b000
|
page read and write
|
|||
7ff2b4e40000
|
page read and write
|
|||
7ff2b4e1b000
|
page read and write
|
|||
7ff2b4a59000
|
page read and write
|
|||
7ff2ac021000
|
page read and write
|
|||
7ff2b518b000
|
page read and write
|
|||
7ff2b47ca000
|
page read and write
|
|||
7ff22c41d000
|
page read and write
|
|||
7ffc02e3f000
|
page read and write
|
|||
7ff2b518b000
|
page read and write
|
|||
7ff2b47ca000
|
page read and write
|
|||
560d9e2a2000
|
page read and write
|
|||
7ff22c41e000
|
page read and write
|
|||
7ff2b5301000
|
page read and write
|
|||
7ff2b52bc000
|
page read and write
|
|||
560d9c28d000
|
page read and write
|
|||
7ff2b47bc000
|
page read and write
|
|||
7ff2b52b4000
|
page read and write
|
|||
560d9e2a2000
|
page read and write
|
|||
7ff2b52b4000
|
page read and write
|
|||
7ffc02e3f000
|
page read and write
|
|||
7ffc02e90000
|
page execute read
|
|||
7ff2b3fb9000
|
page read and write
|
|||
7ff2b4e40000
|
page read and write
|
|||
560d9e2a2000
|
page read and write
|
|||
7ffc02e3f000
|
page read and write
|
|||
7ffc02e90000
|
page execute read
|
|||
7ff22c41e000
|
page read and write
|
|||
7ff2b52bc000
|
page read and write
|
|||
7ff2ac000000
|
page read and write
|
|||
7ff2ac000000
|
page read and write
|
|||
560d9e28b000
|
page execute and read and write
|
|||
560d9e28b000
|
page execute and read and write
|
|||
7ff2b3fb9000
|
page read and write
|
|||
7ff2b4e1b000
|
page read and write
|
|||
7ff2b4e40000
|
page read and write
|
|||
7ff2b52b4000
|
page read and write
|
|||
7ff2b4a59000
|
page read and write
|
|||
560d9c28d000
|
page read and write
|
|||
560d9e28b000
|
page execute and read and write
|
|||
560d9f62f000
|
page read and write
|
|||
7ff2ac000000
|
page read and write
|
|||
560d9c285000
|
page read and write
|
|||
7ff2b5301000
|
page read and write
|
|||
560d9c06f000
|
page execute read
|
|||
560d9c28d000
|
page read and write
|
|||
7ff2ac021000
|
page read and write
|
|||
560d9c285000
|
page read and write
|
|||
7ff2b47bc000
|
page read and write
|
|||
7ff22c41d000
|
page read and write
|
|||
7ff2b5301000
|
page read and write
|
|||
7ff22c41e000
|
page read and write
|
|||
7ff2b3fb9000
|
page read and write
|
|||
7ff2b52bc000
|
page read and write
|
|||
7ff2b518b000
|
page read and write
|
There are 59 hidden memdumps, click here to show them.