IOC Report
yakuza.arm7.elf


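Processes

Rows below alternate Path and Cmdline; `-` means no command line was recorded, and the Malicious column is empty for every row shown. The sample repeatedly runs `/bin/sh -c "pkill -9 NAME || busybox pkill -9 NAME"`, one process name per invocation. Because of the `||`, `busybox pkill` runs whenever `pkill` exits non-zero, which is why both appear for each name. For detection, the pattern to look for is a binary running from /tmp that spawns a burst of `pkill -9` shells against a fixed list of names (including `telnetd`).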

Path
Cmdline
Malicious
/tmp/yakuza.arm7.elf
/tmp/yakuza.arm7.elf
/tmp/yakuza.arm7.elf
-
/tmp/yakuza.arm7.elf
-
/tmp/yakuza.arm7.elf
-
/tmp/yakuza.arm7.elf
-
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 902i13 || busybox pkill -9 902i13"
/bin/sh
-
/usr/bin/pkill
pkill -9 902i13
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 902i13
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"
/bin/sh
-
/usr/bin/pkill
pkill -9 BzSxLxBxeY
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 BzSxLxBxeY
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7"
/bin/sh
-
/usr/bin/pkill
pkill -9 HOHO-LUGO7
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 HOHO-LUGO7
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL"
/bin/sh
-
/usr/bin/pkill
pkill -9 HOHO-U79OL
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 HOHO-U79OL
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87"
/bin/sh
-
/usr/bin/pkill
pkill -9 JuYfouyf87
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 JuYfouyf87
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
/bin/sh
-
/usr/bin/pkill
pkill -9 NiGGeR69xd
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 NiGGeR69xd
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"
/bin/sh
-
/usr/bin/pkill
pkill -9 SO190Ij1X
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 SO190Ij1X
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE"
/bin/sh
-
/usr/bin/pkill
pkill -9 LOLKIKEEEDDE
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 LOLKIKEEEDDE
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e"
/bin/sh
-
/usr/bin/pkill
pkill -9 ekjheory98e
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 ekjheory98e
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 scansh4 || busybox pkill -9 scansh4"
/bin/sh
-
/usr/bin/pkill
pkill -9 scansh4
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 scansh4
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 MDMA || busybox pkill -9 MDMA"
/bin/sh
-
/usr/bin/pkill
pkill -9 MDMA
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 MDMA
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex"
/bin/sh
-
/usr/bin/pkill
pkill -9 fdevalvex
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 fdevalvex
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 scanspc || busybox pkill -9 scanspc"
/bin/sh
-
/usr/bin/pkill
pkill -9 scanspc
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 scanspc
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ"
/bin/sh
-
/usr/bin/pkill
pkill -9 MELTEDNINJAREALZ
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 MELTEDNINJAREALZ
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids"
/bin/sh
-
/usr/bin/pkill
pkill -9 flexsonskids
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 flexsonskids
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 scanx86 || busybox pkill -9 scanx86"
/bin/sh
-
/usr/bin/pkill
pkill -9 scanx86
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 scanx86
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL"
/bin/sh
-
/usr/bin/pkill
pkill -9 MISAKI-U79OL
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 MISAKI-U79OL
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe"
/bin/sh
-
/usr/bin/pkill
pkill -9 foAxi102kxe
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 foAxi102kxe
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj"
/bin/sh
-
/usr/bin/pkill
pkill -9 swodjwodjwoj
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 swodjwodjwoj
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l"
/bin/sh
-
/usr/bin/pkill
pkill -9 MmKiy7f87l
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 MmKiy7f87l
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86"
/bin/sh
-
/usr/bin/pkill
pkill -9 freecookiex86
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 freecookiex86
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu"
/bin/sh
-
/usr/bin/pkill
pkill -9 sysgpu
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 sysgpu
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
/bin/sh
-
/usr/bin/pkill
pkill -9 NiGGeR69xd
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 NiGGeR69xd
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 frgege || busybox pkill -9 frgege"
/bin/sh
-
/usr/bin/pkill
pkill -9 frgege
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 frgege
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater"
/bin/sh
-
/usr/bin/pkill
pkill -9 sysupdater
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 sysupdater
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd"
/bin/sh
-
/usr/bin/pkill
pkill -9 0DnAzepd
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 0DnAzepd
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69"
/bin/sh
-
/usr/bin/pkill
pkill -9 NiGGeRD0nks69
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 NiGGeRD0nks69
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 frgreu || busybox pkill -9 frgreu"
/bin/sh
-
/usr/bin/pkill
pkill -9 frgreu
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 frgreu
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 telnetd || busybox pkill -9 telnetd"
/bin/sh
-
/usr/bin/pkill
pkill -9 telnetd
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 telnetd
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964"
/bin/sh
-
/usr/bin/pkill
pkill -9 0x766f6964
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 0x766f6964
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337"
/bin/sh
-
/usr/bin/pkill
pkill -9 NiGGeRd0nks1337
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 NiGGeRd0nks1337
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 gaft || busybox pkill -9 gaft"
/bin/sh
-
/usr/bin/pkill
pkill -9 gaft
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 gaft
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa"
/bin/sh
-
/usr/bin/pkill
pkill -9 urasgbsigboa
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 urasgbsigboa
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49"
/bin/sh
-
/usr/bin/pkill
pkill -9 120i3UI49
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 120i3UI49
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 OaF3 || busybox pkill -9 OaF3"
/bin/sh
-
/usr/bin/pkill
pkill -9 OaF3
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 OaF3
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 geae || busybox pkill -9 geae"
/bin/sh
-
/usr/bin/pkill
pkill -9 geae
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 geae
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao"
/bin/sh
-
/usr/bin/pkill
pkill -9 vaiolmao
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 vaiolmao
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 123123a || busybox pkill -9 123123a"
/bin/sh
-
/usr/bin/pkill
pkill -9 123123a
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 123123a
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D"
/bin/sh
-
/usr/bin/pkill
pkill -9 Ofurain0n4H34D
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 Ofurain0n4H34D
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex"
/bin/sh
-
/usr/bin/pkill
pkill -9 ggTrex
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 ggTrex
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 wasads || busybox pkill -9 wasads"
/bin/sh
-
/usr/bin/pkill
pkill -9 wasads
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 wasads
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD"
/bin/sh
-
/usr/bin/pkill
pkill -9 1293194hjXD
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 1293194hjXD
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn"
/bin/sh
-
/usr/bin/pkill
pkill -9 OthLaLosn
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 OthLaLosn
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 ggt || busybox pkill -9 ggt"
/bin/sh
-
/usr/bin/pkill
pkill -9 ggt
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 ggt
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 wget-log || busybox pkill -9 wget-log"
/bin/sh
-
/usr/bin/pkill
pkill -9 wget-log
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 wget-log
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 1337SoraLOADER || busybox pkill -9 1337SoraLOADER"
/bin/sh
-
/usr/bin/pkill
pkill -9 1337SoraLOADER
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 1337SoraLOADER
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 SAIAKINA || busybox pkill -9 SAIAKINA"
/bin/sh
-
/usr/bin/pkill
pkill -9 SAIAKINA
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 SAIAKINA
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 ggtq || busybox pkill -9 ggtq"
/bin/sh
-
/usr/bin/pkill
pkill -9 ggtq
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 ggtq
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 1378bfp919GRB1Q2 || busybox pkill -9 1378bfp919GRB1Q2"
/bin/sh
-
/usr/bin/pkill
pkill -9 1378bfp919GRB1Q2
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 1378bfp919GRB1Q2
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 SAIAKUSO || busybox pkill -9 SAIAKUSO"
/bin/sh
-
/usr/bin/pkill
pkill -9 SAIAKUSO
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 SAIAKUSO
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 ggtr || busybox pkill -9 ggtr"
/bin/sh
-
/usr/bin/pkill
pkill -9 ggtr
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 ggtr
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 14Fa || busybox pkill -9 14Fa"
/bin/sh
-
/usr/bin/pkill
pkill -9 14Fa
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 14Fa
/tmp/yakuza.arm7.elf
-
/bin/sh
/bin/sh -c "pkill -9 SEXSLAVE1337 || busybox pkill -9 SEXSLAVE1337"
/bin/sh
-
/usr/bin/pkill
pkill -9 SEXSLAVE1337
/bin/sh
-
/usr/bin/busybox
busybox pkill -9 SEXSLAVE1337
(313 further processes are hidden in this view and are not listed here.)

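URLs

Rows below pair each URL with its IP (`unknown` for all three). The entries are shown as extracted: the trailing `;` on the `yak.sh` URL and the `Never` fused onto the second `youtu.be` link are probably artifacts of pulling strings out of the sample, so normalise them before matching (assumption; confirm against the raw strings). The host 87.10.220.221 in the `yak.sh` URL does not appear in the IPs section of this report.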

Name
IP
Malicious
https://youtu.be/dQw4w9WgXcQ
unknown
https://youtu.be/dQw4w9WgXcQNever
unknown
http://87.10.220.221/yak.sh;
unknown

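Domains

`daisy.ubuntu.com` is the Ubuntu crash-report submission host, so this lookup most likely comes from the analysis guest rather than from the sample; the report does not mark it malicious.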

Name
IP
Malicious
daisy.ubuntu.com
162.213.35.25

IPs

IP
Domain
Country
Malicious
194.110.247.46
unknown
unknown
malicious

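Memdumps

Rows below pair a base address with a protection string; no Regiontype or Malicious value is shown for any row, and several addresses repeat. Base addresses are specific to this run and are not usable as indicators. Among the visible rows, the region at 55f3f7677000 is the only one listed as execute, read and write.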

Base Address
Regiontype
Protect
Malicious
55f3f768e000
page read and write
7f44e66e0000
page read and write
7f44e5856000
page read and write
55f3f5670000
page read and write
7f44e6d38000
page read and write
55f3f541f000
page execute read
7f44e6c0f000
page read and write
7ffda4a91000
page read and write
55f3f541f000
page execute read
7f44e6d38000
page read and write
55f3f7677000
page execute and read and write
7f44e6d5c000
page read and write
7f44dffff000
page read and write
55f3f5679000
page read and write
7f44e6da1000
page read and write
7f43e0042000
page read and write
55f3f5679000
page read and write
7f43e0042000
page read and write
7f44e605e000
page read and write
7f43e004b000
page read and write
7f43e004d000
page read and write
7f44e6a2e000
page read and write
55f3f768e000
page read and write
55f3f768e000
page read and write
55f3f94e1000
page read and write
7f44e684c000
page read and write
7ffda4ae0000
page execute read
7f44dffff000
page read and write
7f44e605e000
page read and write
7f44e5856000
page read and write
7f43e004b000
page read and write
7f44e6da1000
page read and write
7f44e5856000
page read and write
7f44e66bd000
page read and write
7f44e6a2e000
page read and write
7f44e6a2e000
page read and write
7ffda4a91000
page read and write
7f43e004b000
page read and write
7f44e6d5c000
page read and write
7f44e6452000
page read and write
7f43e004c000
page read and write
7f44e66bd000
page read and write
55f3f5670000
page read and write
7f44e66bd000
page read and write
7f44e6d5c000
page read and write
7f44e6c0f000
page read and write
7f44e0021000
page read and write
7f44e6452000
page read and write
7f44e6da1000
page read and write
55f3f94c1000
page read and write
7f43e0042000
page read and write
7f44e66e0000
page read and write
7f44e60f0000
page read and write
7f44e60f0000
page read and write
7f44e684c000
page read and write
7f43e0039000
page execute read
7f44dffff000
page read and write
55f3f94c1000
page read and write
55f3f7677000
page execute and read and write
7ffda4ae0000
page execute read
7f43e0039000
page execute read
7f44e0021000
page read and write
7ffda4a91000
page read and write
7f44e605e000
page read and write
55f3f5679000
page read and write
7f44e60f0000
page read and write
55f3f5670000
page read and write
7f44e684c000
page read and write
55f3f94c1000
page read and write
7f44e66e0000
page read and write
7f44e0021000
page read and write
7f44e6c0f000
page read and write
7f44e6d38000
page read and write
7f43e0039000
page execute read
7ffda4ae0000
page execute read
55f3f541f000
page execute read
7f44e6452000
page read and write
55f3f7677000
page execute and read and write
(68 further memdumps are hidden in this view and are not listed here.)