Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| 4LbWi40g57.elf | ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped | initial sample | |
| /run/user/127/dconf/user | very short file (no magic) | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /tmp/4LbWi40g57.elf | /tmp/4LbWi40g57.elf | |
| /tmp/4LbWi40g57.elf | - | |
| /tmp/4LbWi40g57.elf | - | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell | |
| /usr/bin/gnome-shell | /usr/bin/gnome-shell | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing | |
| /usr/libexec/gsd-sharing | /usr/libexec/gsd-sharing | |
| /usr/sbin/gdm3 | - | |
| /etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default | |
| /usr/sbin/gdm3 | - | |
| /etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default | |
| /usr/lib/systemd/systemd | - | |
| /lib/systemd/systemd-user-runtime-dir | /lib/systemd/systemd-user-runtime-dir stop 127 | |

5 further processes are not shown.
Domains

| Name | IP | Malicious |
|---|---|---|
| daisy.ubuntu.com | 162.213.35.24 | |
| subcarrace.indy | 154.223.21.228 | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 185.125.190.26 | unknown | United Kingdom | |
| 154.223.21.228 | subcarrace.indy | Seychelles | |
Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 7f04a1fae000 | | page read and write | |
| 56446f2c6000 | | page read and write | |
| 7f049c021000 | | page read and write | |
| 7ffcefc77000 | | page read and write | |
| 7f04a1c4c000 | | page read and write | |
| 7f039c023000 | | page execute read | |
| 56446cec3000 | | page execute read | |
| 56446d11d000 | | page read and write | |
| 7f04a276b000 | | page read and write | |
| 56446d114000 | | page read and write | |
| 7ffcefc86000 | | page execute read | |
| 7f04a2219000 | | page read and write | |
| 7f04a28b8000 | | page read and write | |
| 7f04a223c000 | | page read and write | |
| 7f049bfff000 | | page read and write | |
| 7f039c02b000 | | page read and write | |
| 56446f132000 | | page read and write | |
| 7f039c032000 | | page read and write | |
| 7f04a13b2000 | | page read and write | |
| 7f04a1bba000 | | page read and write | |
| 7f04a23a8000 | | page read and write | |
| 7f04a28fd000 | | page read and write | |
| 7f04a2894000 | | page read and write | |
| 7f04a258a000 | | page read and write | |
| 56446f11b000 | | page execute and read and write | |

15 further memdumps are not shown.