IOC Report
5FteLLQ1oY.elf


Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /tmp/5FteLLQ1oY.elf | /tmp/5FteLLQ1oY.elf | |
| /tmp/5FteLLQ1oY.elf | - | |
| /tmp/5FteLLQ1oY.elf | - | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell | |
| /usr/bin/gnome-shell | /usr/bin/gnome-shell | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing | |
| /usr/libexec/gsd-sharing | /usr/libexec/gsd-sharing | |
| /usr/sbin/gdm3 | - | |
| /etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default | |
| /usr/sbin/gdm3 | - | |
| /etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default | |
| /usr/lib/systemd/systemd | - | |
| /lib/systemd/systemd-user-runtime-dir | /lib/systemd/systemd-user-runtime-dir stop 127 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| daisy.ubuntu.com | 162.213.35.24 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 199.59.243.227 | unknown | United States | |

Memdumps
