IOC Report
.i.elf


Processes

Path | Cmdline | Malicious
/usr/bin/dash | - |
/usr/bin/rm | rm -f /tmp/tmp.OcBkabXnC6 /tmp/tmp.ENXakVqvgt /tmp/tmp.a09PHFalJm |
/usr/bin/dash | - |
/usr/bin/cat | cat /tmp/tmp.OcBkabXnC6 |
/usr/bin/dash | - |
/usr/bin/head | head -n 10 |
/usr/bin/dash | - |
/usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 |
/usr/bin/dash | - |
/usr/bin/cut | cut -c -80 |
/usr/bin/dash | - |
/usr/bin/cat | cat /tmp/tmp.OcBkabXnC6 |
/usr/bin/dash | - |
/usr/bin/head | head -n 10 |
/usr/bin/dash | - |
/usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 |
/usr/bin/dash | - |
/usr/bin/cut | cut -c -80 |
/usr/bin/dash | - |
/usr/bin/rm | rm -f /tmp/tmp.OcBkabXnC6 /tmp/tmp.ENXakVqvgt /tmp/tmp.a09PHFalJm |
/tmp/.i.elf | /tmp/.i.elf |

IPs

IP | Domain | Country | Malicious
109.202.202.202 | unknown | Switzerland |
91.189.91.43 | unknown | United Kingdom |
91.189.91.42 | unknown | United Kingdom |

Memdumps

Base Address
Regiontype
Protect
Malicious