Files
File Path | Type | Category | Malicious
---|---|---|---
ssk7Ah3h5D.elf | ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped | initial sample |
/run/user/127/dconf/user | very short file (no magic) | dropped |
Processes
Path | Cmdline | Malicious
---|---|---
/tmp/ssk7Ah3h5D.elf | /tmp/ssk7Ah3h5D.elf |
/tmp/ssk7Ah3h5D.elf | - |
/tmp/ssk7Ah3h5D.elf | - |
/usr/libexec/gnome-session-binary | - |
/bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing |
/usr/libexec/gsd-sharing | /usr/libexec/gsd-sharing |
/usr/libexec/gnome-session-binary | - |
/bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/bin/gnome-shell |
/usr/bin/gnome-shell | /usr/bin/gnome-shell |
/usr/sbin/gdm3 | - |
/etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default |
/usr/sbin/gdm3 | - |
/etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default |
/usr/lib/systemd/systemd | - |
/lib/systemd/systemd-user-runtime-dir | /lib/systemd/systemd-user-runtime-dir stop 127 |
Domains
Name | IP | Malicious
---|---|---
subcarrace.indy. [malformed] | unknown |
daisy.ubuntu.com | 162.213.35.25 |
fortyfivehundred.dyn | unknown |
IPs
IP | Domain | Country | Malicious
---|---|---|---
154.205.144.234 | unknown | Seychelles |
162.243.19.47 | unknown | United States |
116.203.104.203 | unknown | Germany |
Memdumps
Base Address | Regiontype | Protect | Malicious
---|---|---|---
7f9fc8021000 | | page read and write |
565309558000 | | page read and write |
7f9fd0091000 | | page read and write |
7fff46119000 | | page execute read |
56530b56d000 | | page read and write |
7f9fcfd2f000 | | page read and write |
5653092fe000 | | page execute read |
7f9fd02fc000 | | page read and write |
7f9ec8032000 | | page read and write |
7f9fd031f000 | | page read and write |
7f9fcfc9d000 | | page read and write |
7f9fd0977000 | | page read and write |
7fff460ae000 | | page read and write |
56530b556000 | | page execute and read and write |
7f9ec802b000 | | page read and write |
7f9fd084e000 | | page read and write |
7f9fc7fff000 | | page read and write |
7f9fd099b000 | | page read and write |
56530954f000 | | page read and write |
56530cbd7000 | | page read and write |
7f9fd048b000 | | page read and write |
7f9ec8023000 | | page execute read |
7f9fcf495000 | | page read and write |
7f9fd066d000 | | page read and write |
7f9fd09e0000 | | page read and write |