Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| na.elf | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.18, stripped | initial sample | |
| /root/.electrum-dash/blockchain_headers | data | dropped | |
| /root/.electrum-dash/daemon | ASCII text, with no line terminators | dropped | |
| /root/.electrum-dash/recent_servers | JSON data | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /tmp/na.elf | /tmp/na.elf | |
| /tmp/na.elf | - | |
| /tmp/na.elf | - | |
| /tmp/.mount_na.elftmWR4f/AppRun | /tmp/na.elf | |
| /tmp/.mount_na.elftmWR4f/AppRun | - | |
| /tmp/.mount_na.elftmWR4f/AppRun | - | |
| /usr/bin/readlink | readlink -e /tmp/.mount_na.elftmWR4f/AppRun | |
| /usr/bin/dirname | dirname /tmp/.mount_na.elftmWR4f/AppRun | |
| /tmp/.mount_na.elftmWR4f/usr/bin/python3.10 | /tmp/.mount_na.elftmWR4f/usr/bin/python3.10 -s /tmp/.mount_na.elftmWR4f/usr/bin/electrum-dash | |
| /tmp/.mount_na.elftmWR4f/usr/bin/python3.10 | - | |
| /usr/bin/uname | uname -p | |
| /tmp/.mount_na.elftmWR4f/usr/bin/python3.10 | - | |
| /usr/bin/dbus-launch | dbus-launch --autolaunch ee49dfd4fa47433baee88884e2d7de7c --binary-syntax --close-stderr | |
| /usr/bin/dbus-launch | - | |
| /usr/bin/dbus-launch | - | |
| /usr/bin/dbus-daemon | /usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session | |
| /usr/bin/dbus-launch | - | |

7 further processes are not included in this export.
URLs

| Name | IP | Malicious |
|---|---|---|
| http://crl.securetrust.com/STCA.crlEp | unknown | |
| https://www.catcert.net/verarre | unknown | |
| https://wwww.certigna.fr/autorites/E | unknown | |
| http://repository.swisssign.com/E | unknown | |
| https://wwww.certigna.fr/autorites/A | unknown | |
| http://www.cert.fnmt.es/dpcs/% | unknown | |
| https://docs.python.org/3.7/library/asyncio-eventloop.html | unknown | |
| https://docs.dash.org/en/stable/wallets/index.html#dash-electrum-wallet | unknown | |
| http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl%P | unknown | |
| http://x1.c.lencr.org/55 | unknown | |
| https://ocsp.quovadisoffshore.com | unknown | |
| https://tools.ietf.org/html/rfc2388#section-4.4 | unknown | |
| http://policy.camerfirm | unknown | |
| http://policy.camerfirma.comP | unknown | |
| https://github.com/satoshilabs/slips/blob/master/slip-0039.md. | unknown | |
| http://r10.i.lencr.org/ | unknown | |
| http://x1.c.lencr.org/KoZIhvc% | unknown | |
| http://policy.camerfirma.comA | unknown | |
| http://www.accv.es/legislacion_c.htmU | unknown | |
| http://www.quovadis.b | unknown | |
| http://crl.dhimyotis.com/certignarootca.crlU | unknown | |
| http://crl.securetrust.com/SGCA.crl892632d156Q | unknown | |
| https://github.com/python-attrs/attrs/issues/136 | unknown | |
| http://policy.camerfirma.com% | unknown | |
| http://repository.swisssign.com/Q | unknown | |
| http://crl.dhimyotis.com/certignarootca.crl | unknown | |
| http://ocsp.accv.es | unknown | |
| http://crl.dhimyotis.com/certignarootca.crla | unknown | |
| https://zopeinterface.readthedocs.io/en/latest/ | unknown | |
| https://www.catcert.net/verarreP | unknown | |
| https://httpbin.org/get | unknown | |
| http://httpbin.org/ | unknown | |
| http://www.accv.es/legislacion_c.htmUP | unknown | |
| http://crl.xrampsecurity.com/XGCA.crlE | unknown | |
| http://repository.swisssign.com/ee | unknown | |
| http://www.accv.es/legislacion_c.htmoot | unknown | |
| http://www.accv.es/legislacion_c.htm1 | unknown | |
| https://wwww.certigna.fr/autorites/0m | unknown | |
| http://policy.camerfirma.comEp | unknown | |
| https://httpbin.org/ | unknown | |
| http://repository.swisssign.com/ER | unknown | |
| http://r10.o.lencr.org0# | unknown | |
| https://wwww.certigna.fr/autorites/ | unknown | |
| http://x1.c.lencr.org/ | unknown | |
| http://www.color.org) | unknown | |
| http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535 | unknown | |
| http://www.accv.es/legislacion_c.htm% | unknown | |
| https://www.catcert.net/verarrel | unknown | |
| http://crl.securetrust.com/STCA.crl | unknown | |
| http://repository.swisssig0 | unknown | |
| http://wwwsearch.sf.net/): | unknown | |
| http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0 | unknown | |
| http://www.accv.es/legislacion_c.htm | unknown | |
| http://r10.o.lencr.org61 | unknown | |
| http://crl.xrampsecurity.com/XGCA.crl0 | unknown | |
| http://mathworld.wolfram.com/SampleVariance.html | unknown | |
| https://raw.githubusercontent.com/Bertrand256/electrum-dash/master/.latest-version | unknown | |
| http://www.cert.fnmt.es/dpcs/ | unknown | |
| http://www.quovadis.bm0 | unknown | |
| http://crl.dhimyotis.com/certignaroot | unknown | |
| http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl | unknown | |
| http://www.accv.es00 | unknown | |
| http://crl.securetrust.com/SGCA.crlEP | unknown | |
| https://github.com/Bertrand256/electrum-dash/releases | unknown | |
| http://github.com/romanz/amodem/ | unknown | |
| http://repository.swisssign.com/Ep | unknown | |
| https://bugs.python.org/issue43285 | unknown | |
| http://r10.i.lencr.org/0 | unknown | |
| http://appimage.org/.shstrtab.interp.note.ABI-tag.hash.dynsym.dynstr.gnu.version.gnu.version_r.rela. | unknown | |
| http://google.com/ | unknown | |
| http://policy.camerfirma.com%(B | unknown | |
| http://crl.securetrust.com/STCA.crlE | unknown | |
| http://www.qt.io/licensing/ | unknown | |
| https://mahler:8092/site-updates.py | unknown | |
| https://github.com/Bertrand256/electrum-dash/releasesgui/qt | unknown | |
| https://ocsp.quovadisoffshore.comA | unknown | |
| http://crl.securetrust.com/SGCA.crl | unknown | |
| http://crl.xrampsecurity.com/XGCA.crlE0 | unknown | |
| https://www.python.org/download/releases/2.3/mro/. | unknown | |
| http://dx.doi.org/10.1080/03610928908830127 | unknown | |
| https://httpbin.org/post | unknown | |
| https://www.python.org/dev/peps/pep-0526/ | unknown | |
| http://python.org/ | unknown | |
| https://github.com/Ousret/charset_normalizer | unknown | |
| http://bugs.python.org/issue24068. | unknown | |
| http://www.johndcook.com/blog/2008/09/26/comparing-three-methods-of-computing-standard-deviation/ | unknown | |
| http://www.firmaprofesional.com/cps0 | unknown | |
| http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl% | unknown | |
| http://policy.camerfirma.com | unknown | |
| http://crl.securetrust.com/SGCA.crl0 | unknown | |
| https://my.kuna.io/en/kunaid-ukraine | unknown | |
| http://crl.securetrust.com/STCA.crl0 | unknown | |
| http://ocsp.accv.esc | unknown | |
| https://ocsp.quovadisoffshore.com% | unknown | |
| http://unicode.org/reports/tr46/). | unknown | |
| http://x1.i.lencr.org/5 | unknown | |
| http://yahoo.com/ | unknown | |
| http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6 | unknown | |
| http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl5 | unknown | |
| http://www.quovadisglobal.com/cps: | unknown | |

90 further URLs are not included in this export.
Domains

| Name | IP | Malicious |
|---|---|---|
| electrum3.cipig.net | unknown | |
| dns.google.com | unknown | |
| electrum1.cipig.net | unknown | |
| rnxogu42f3pq3e3oo7shqmh7mtema6c5fhhhsi54din4olzlu7vsx2id.onion | unknown | |
| cloudflare-dns.com | unknown | |
| electrum2.cipig.net | 49.12.127.113 | |
| dash-electrum.pshenmic.dev | 51.250.0.233 | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 49.12.127.113 | electrum2.cipig.net | Germany | |
| 49.12.127.111 | unknown | Germany | |
| 104.16.249.249 | unknown | United States | |
| 65.109.123.188 | unknown | United States | |
| 8.8.4.4 | unknown | United States | |
| 104.16.248.249 | unknown | United States | |
| 109.202.202.202 | unknown | Switzerland | |
| 91.189.91.43 | unknown | United Kingdom | |
| 51.250.0.233 | dash-electrum.pshenmic.dev | United Kingdom | |
| 91.189.91.42 | unknown | United Kingdom | |
Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 7fe08b9a0000 | | page execute read | |
| 7fe0d4909000 | | page read and write | |
| 7fe08a9f6000 | | page read and write | |
| 7fe0d8019000 | | page read and write | |
| 7fe0c801d000 | | page read and write | |
| 7fe08b52e000 | | page execute read | |
| 7fe08bba4000 | | page read and write | |
| 7fe0acca8000 | | page read and write | |
| 7fe0c4000000 | | page read and write | |
| 7fe0cb6cf000 | | page read and write | |
| 7fd6677b9000 | | page read and write | |
| 7fe0c8075000 | | page read and write | |
| 7fe0c1274000 | | page read and write | |
| 7fe0c016b000 | | page read and write | |
| 7fe0d9a2c000 | | page read and write | |
| 7ffe37356000 | | page read and write | |
| 7fe0c15aa000 | | page execute read | |
| 7fe0cbff5000 | | page read and write | |
| 7fe094021000 | | page read and write | |
| 7fe0c2053000 | | page read and write | |
| 7fe0cb4bd000 | | page execute read | |
| 7fe0c1382000 | | page read and write | |
| 7fe0a80b0000 | | page execute read | |
| 7fe0c1275000 | | page read and write | |
| 7fe0c112d000 | | page execute read | |
| 7fe08bdfd000 | | page execute read | |
| 7fe0c37fe000 | | page read and write | |
| 7fe0c8703000 | | page read and write | |
| 7fd667774000 | | page read and write | |
| 7fe0caed7000 | | page read and write | |
| 7fd66753b000 | | page read and write | |
| 7fe09c021000 | | page read and write | |
| 7fe0c2a54000 | | page read and write | |
| 7fd66753b000 | | page read and write | |
| 7fe0c12ae000 | | page execute read | |
| 7fe0c804a000 | | page read and write | |
| 7fe0c1399000 | | page execute read | |
| 7fe0d0021000 | | page read and write | |
| 7fe0c805e000 | | page execute read | |
| 7fe0c1171000 | | page read and write | |
| 7fe0c804e000 | | page execute read | |
| 7fe0c3084000 | | page execute read | |
| 7fe0c11ad000 | | page execute read | |
| 7fe0d864d000 | | page read and write | |
| 7fe0c3790000 | | page execute read | |
| 7fe098021000 | | page read and write | |
| 7fe0c8051000 | | page read and write | |
| 7fe0abc76000 | | page read and write | |
| 7fe0a8928000 | | page read and write | |
| 7fe0c8064000 | | page read and write | |
| 7fe0c1e4f000 | | page read and write | |
| 7fe0cbddf000 | | page execute read | |
| 7fe0a9330000 | | page read and write | |
| 7fe0c17ab000 | | page read and write | |
| 7fe0c137e000 | | page execute read | |
| 7fe0a9b31000 | | page read and write | |
| 7fe0c118d000 | | page execute read | |
| 7fd66776c000 | | page read and write | |
| 7fe0a8315000 | | page execute read | |
| 7fe0c1e4d000 | | page read and write | |
| 7fe0c8f18000 | | page execute read | |
| 62b000 | | page read and write | |
| 7fd6677b9000 | | page read and write | |
| 7fe0caed9000 | | page read and write | |
| 7fe0c0210000 | | page execute read | |
| 7fe0a8b2f000 | | page read and write | |
| 7fe08bda9000 | | page read and write | |
| 7fe0c806b000 | | page execute read | |
| 7fe0b3dfe000 | | page read and write | |
| 7fe084021000 | | page read and write | |
| 7fe0d8013000 | | page read and write | |
| 7fe0c8069000 | | page read and write | |
| 7fe0c37ff000 | | page read and write | |
| 7fe0c11bb000 | | page read and write | |
| 7fe0d8a29000 | | page read and write | |
| 7fe0c8022000 | | page read and write | |
| 7fe08a9f3000 | | page execute read | |
| 7ffe373b8000 | | page execute read | |
| 7fe0cc021000 | | page read and write | |
| 7fd6674fa000 | | page read and write | |
| 7fe090021000 | | page read and write | |
| 7fe0c8704000 | | page read and write | |
| 7fe0acce0000 | | page read and write | |
| 7fe0c12c6000 | | page read and write | |
| 7fe0d8016000 | | page execute read | |
| 7ffe37356000 | | page read and write | |
| 7fe0c8036000 | | page read and write | |
| 7fe0d86d6000 | | page read and write | |
| 7fe08bba8000 | | page execute read | |
| 7fd667774000 | | page read and write | |
| 7fe0c2253000 | | page read and write | |
| 7fe0c0416000 | | page execute read | |
| 7fe0c0412000 | | page read and write | |
| 7fe08b936000 | | page read and write | |
| 7fe0c83c1000 | | page read and write | |
| 7ffe373b8000 | | page execute read | |
| 7fe0c13a0000 | | page read and write | |
| 7fe0cacc6000 | | page execute read | |
| 5602b0dca000 | | page read and write | |
| 7fe0c8038000 | | page execute read | |
| 7fe0bc021000 | | page read and write | |
| 7fd66772d000 | | page read and write | |
| 7fe0a892e000 | | page execute read | |
| 7fe0d843e000 | | page execute read | |
| 7fd66776c000 | | page read and write | |
| 7fe0c868b000 | | page execute read | |
| 7fe0c01e4000 | | page read and write | |
| 7fe0c806e000 | | page read and write | |
| 7fe0d81b5000 | | page read and write | |
| 7fe08c000000 | | page read and write | |
| 7fe0c1377000 | | page read and write | |
| 7fe0b24ec000 | | page read and write | |
| 7fe0c1a36000 | | page read and write | |
| 7fe0ab475000 | | page read and write | |
| 7fe08b731000 | | page read and write | |
| 7fe0d89ca000 | | page execute read | |
| 7fe08a9f1000 | | page read and write | |
| 7fe0c8045000 | | page execute read | |
| 7fe0d808c000 | | page read and write | |
| 7fe0d922b000 | | page read and write | |
| 42b000 | | page execute read | |
| 7fe0a851d000 | | page execute read | |
| 13eb000 | | page read and write | |
| 7fe08b72f000 | | page read and write | |
| 7fe0cb6cc000 | | page read and write | |
| 7fe0d806c000 | | page execute read | |
| 7fe0d864e000 | | page read and write | |
| 7fe0a871e000 | | page read and write | |
| 62b000 | | page read and write | |
| 7fe0aa332000 | | page read and write | |
| 7fe0c86db000 | | page read and write | |
| 7fe0c8f1e000 | | page read and write | |
| 7fe0a0021000 | | page read and write | |
| 7fe0acc95000 | | page execute read | |
| 7fe0a8727000 | | page execute read | |
| 7fe0c8017000 | | page execute read | |
| 7fe0aab33000 | | page read and write | |
| 7fe0c8700000 | | page execute read | |
| 5602ae053000 | | page execute read | |
| 7fe0c807a000 | | page read and write | |
| 7fe0c801f000 | | page execute read | |
| 7fe0b4021000 | | page read and write | |
| 1363000 | | page read and write | |
| 7fe0c1a37000 | | page read and write | |
| 7fe0c8028000 | | page execute read | |
| 7fe0c1e51000 | | page execute read | |
| 7fe0d8a2a000 | | page read and write | |
| 7fe0c13a5000 | | page execute read | |
| 7fe0c86da000 | | page read and write | |
| 7fe0c8f05000 | | page read and write | |
| 7fe0cab21000 | | page read and write | |
| 7fe0c8072000 | | page execute read | |
| 7fe0c802c000 | | page read and write | |
| 7fe0a82b1000 | | page read and write | |
| 7fe0d800f000 | | page execute read | |
| 42b000 | | page execute read | |
| 7fe0c803b000 | | page read and write | |
| 7fe0c15a6000 | | page read and write | |
| 7fe08c021000 | | page read and write | |
| 7fe0c8077000 | | page execute read | |
| 5602ae056000 | | page read and write | |
| 7fe0c0618000 | | page read and write | |
| 7fe0acc78000 | | page read and write | |
| 1363000 | | page read and write | |
| 7fe0a8517000 | | page read and write | |
| 7fe0b804f000 | | page read and write | |
| 7fe0a4021000 | | page read and write | |
| 7fe0c8066000 | | page execute read | |
| 7fe08b4aa000 | | page read and write | |
| 7fe0c124b000 | | page execute read | |
| 7fe0c913e000 | | page read and write | |
| 7fe0cc000000 | | page read and write | |
| 7fe0c1192000 | | page read and write | |
| 7fe0c4021000 | | page read and write | |
| 7fe0c8032000 | | page execute read | |
| 7fe0ac477000 | | page read and write | |
| 7fe0c8f1f000 | | page read and write | |
| 7fe0c1834000 | | page execute read | |
| 7fe08b735000 | | page execute read | |
| 7fd66772d000 | | page read and write | |
| 7fe0c1355000 | | page execute read | |
| 7fe0c1030000 | | page read and write | |
| 7fe0c1c44000 | | page execute read | |
| 7fe0c32b6000 | | page read and write | |

174 further memdumps are not included in this export.