IOC Report
na.elf

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /tmp/na.elf | /tmp/na.elf | |
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.PFXmteLXOf /tmp/tmp.aEFs07lvwW /tmp/tmp.N9haWn11fV | |
| /usr/bin/dash | - | |
| /usr/bin/cat | cat /tmp/tmp.PFXmteLXOf | |
| /usr/bin/dash | - | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | - | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | - | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | - | |
| /usr/bin/cat | cat /tmp/tmp.PFXmteLXOf | |
| /usr/bin/dash | - | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | - | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | - | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.PFXmteLXOf /tmp/tmp.aEFs07lvwW /tmp/tmp.N9haWn11fV | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 54.171.230.55 | unknown | United States | |
| 109.202.202.202 | unknown | Switzerland | |
| 91.189.91.43 | unknown | United Kingdom | |
| 91.189.91.42 | unknown | United Kingdom | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 7ffc54351000 | page | read and write | |
| 7febc8021000 | page | read and write | |
| 5634de262000 | page | read and write | |
| 5634dbfbb000 | page | execute read | |
| 7febce364000 | page | read and write | |
| 5634de24b000 | page | execute and read and write | |
| 7febcea76000 | page | read and write | |
| 7febce728000 | page | read and write | |
| 7ffc543cb000 | page | execute read | |
| 7febce0a6000 | page | read and write | |
| 5634dc24d000 | page | read and write | |
| 7febc8000000 | page | read and write | |
| 7febced80000 | page | read and write | |
| 7febcd89e000 | page | read and write | |
| 5634dc243000 | page | read and write | |
| 7febce745000 | page | read and write | |
| 7febcedcd000 | page | read and write | |
| 7feb48115000 | page | execute read | |
| 7febce0b4000 | page | read and write | |
| 7febcec57000 | page | read and write | |
| 7febce705000 | page | read and write | |
| 5634df3b3000 | page | read and write | |
| 7febced88000 | page | read and write | |