IOC Report
NLHiAJgSnj.elf


Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /tmp/NLHiAJgSnj.elf | /tmp/NLHiAJgSnj.elf | |
| /tmp/NLHiAJgSnj.elf | - | |
| /tmp/NLHiAJgSnj.elf | - | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell | |
| /usr/bin/gnome-shell | /usr/bin/gnome-shell | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing | |
| /usr/libexec/gsd-sharing | /usr/libexec/gsd-sharing | |
| /usr/sbin/gdm3 | - | |
| /etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default | |
| /usr/sbin/gdm3 | - | |
| /etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default | |
| /usr/lib/systemd/systemd | - | |
| /lib/systemd/systemd-user-runtime-dir | /lib/systemd/systemd-user-runtime-dir stop 127 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| krddnsnet.dyn | 154.90.62.142 | malicious |
| daisy.ubuntu.com | 162.213.35.24 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 154.90.62.142 | krddnsnet.dyn | Seychelles | malicious |

Memdumps
