IOC Report
na.elf

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /tmp/na.elf | /tmp/na.elf | |
| /tmp/na.elf | - | |
| /tmp/na.elf | - | |
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.ZZlBmvzIUL /tmp/tmp.MxMrwp3ptI /tmp/tmp.FLGVJ0vhfV | |
| /usr/bin/dash | - | |
| /usr/bin/cat | cat /tmp/tmp.ZZlBmvzIUL | |
| /usr/bin/dash | - | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | - | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | - | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | - | |
| /usr/bin/cat | cat /tmp/tmp.ZZlBmvzIUL | |
| /usr/bin/dash | - | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | - | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | - | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | - | |
| /usr/bin/rm | rm -f /tmp/tmp.ZZlBmvzIUL /tmp/tmp.MxMrwp3ptI /tmp/tmp.FLGVJ0vhfV | |

Domains

| Name | IP | Malicious |
|---|---|---|
| xlabresearch.ru | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 77.232.36.152 | unknown | Russian Federation | |
| 54.247.62.1 | unknown | United States | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 7f7cf8467000 | | page read and write | |
| 56048b499000 | | page read and write | |
| 560487679000 | | page execute read | |
| 7f7d80c73000 | | page read and write | |
| 7ffe9633b000 | | page read and write | |
| 7f7cf8420000 | | page execute read | |
| 7f7d78021000 | | page read and write | |
| 7f7d80fe4000 | | page read and write | |
| 560489920000 | | page read and write | |
| 7f7d812ee000 | | page read and write | |
| 560487901000 | | page read and write | |
| 560489909000 | | page execute and read and write | |
| 7f7d80622000 | | page read and write | |
| 7f7d811c5000 | | page read and write | |
| 7f7d80cb3000 | | page read and write | |
| 56048790b000 | | page read and write | |
| 7ffe9638f000 | | page execute read | |
| 7f7d7fe0c000 | | page read and write | |
| 7f7d812f6000 | | page read and write | |
| 7f7d808d2000 | | page read and write | |
| 7f7d8133b000 | | page read and write | |
| 7f7d80c96000 | | page read and write | |
| 7f7d78000000 | | page read and write | |
| 7f7cf8461000 | | page read and write | |
| 7f7d80614000 | | page read and write | |