Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

linux_arm64.elf

ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped

initial sample

/boot/System.img.config

ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped

dropped

/etc/32678

POSIX shell script, ASCII text executable

dropped

/etc/crontab

ASCII text

dropped

/etc/id.services.conf

ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped

dropped

/etc/init.d/linux_kill

POSIX shell script, ASCII text executable

dropped

/etc/init.d/ssh

POSIX shell script, ASCII text executable

dropped

/etc/profile.d/bash_config

ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped

dropped

/etc/profile.d/bash_config.sh

a /bin/sh\n/etc/profile.d/bash_config script, ASCII text executable, with no line terminators

dropped

/usr/bin/dir

ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped

dropped

/usr/bin/find

ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped

dropped

/usr/bin/ls

ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped

dropped

/usr/bin/lsof

ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped

dropped

/usr/bin/netstat

ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped

dropped

/usr/bin/ps

ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped

dropped

/usr/bin/ss

ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped

dropped

/usr/lib/libdlrpcld.so

ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped

dropped

/usr/lib/system-monitor

ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, Go BuildID=fUe30mt-1hKvEz1UBTdp/5QbTtFn71-rN7ZI-ENWj/mYOObtc5woo0nEa4KRdU/o_AVa7BVI_BxMPtiCGaq, stripped

dropped

/.img

a /bin/sh\n/usr/lib/libdlrpcld.so script, ASCII text executable, with no line terminators

dropped

/memfd:snapd-env-generator (deleted)

ASCII text

dropped

/proc/6085/loginuid

very short file (no magic)

dropped

/run/crond.pid

ASCII text

dropped

/tmp/#542677 (deleted)

ASCII text

dropped

/tmp/qemu-open.0VMpig (deleted)

ASCII text

dropped

/tmp/qemu-open.0jilLe (deleted)

ASCII text

dropped

/tmp/qemu-open.1UsJMc (deleted)

ASCII text

dropped

/tmp/qemu-open.2hLKvc (deleted)

ASCII text

dropped

/tmp/qemu-open.3E1odd (deleted)

ASCII text

dropped

/tmp/qemu-open.3Lpx4b (deleted)

ASCII text

dropped

/tmp/qemu-open.3RHSGd (deleted)

ASCII text

dropped

/tmp/qemu-open.464mMb (deleted)

ASCII text

dropped

/tmp/qemu-open.4DO1Af (deleted)

ASCII text

dropped

/tmp/qemu-open.4cpK0e (deleted)

ASCII text

dropped

/tmp/qemu-open.5PjUBc (deleted)

ASCII text

dropped

/tmp/qemu-open.5RmPLc (deleted)

ASCII text

dropped

/tmp/qemu-open.6KtVqc (deleted)

ASCII text

dropped

/tmp/qemu-open.8U7rtc (deleted)

ASCII text

dropped

/tmp/qemu-open.9E7qDf (deleted)

ASCII text

dropped

/tmp/qemu-open.AkRp6f (deleted)

ASCII text

dropped

/tmp/qemu-open.BPMIhd (deleted)

ASCII text

dropped

/tmp/qemu-open.C5LTde (deleted)

ASCII text

dropped

/tmp/qemu-open.CaR6Wb (deleted)

ASCII text

dropped

/tmp/qemu-open.DvRo3f (deleted)

ASCII text

dropped

/tmp/qemu-open.DyZcUf (deleted)

ASCII text

dropped

/tmp/qemu-open.Ephr6f (deleted)

ASCII text

dropped

/tmp/qemu-open.GJmHHd (deleted)

ASCII text

dropped

/tmp/qemu-open.GQNObd (deleted)

ASCII text

dropped

/tmp/qemu-open.GZPzCc (deleted)

ASCII text

dropped

/tmp/qemu-open.Hs0Wid (deleted)

ASCII text

dropped

/tmp/qemu-open.JG9oGd (deleted)

ASCII text

dropped

/tmp/qemu-open.KIJQCd (deleted)

ASCII text

dropped

/tmp/qemu-open.KlDsbe (deleted)

ASCII text

dropped

/tmp/qemu-open.KqtYVc (deleted)

ASCII text

dropped

/tmp/qemu-open.LXXQng (deleted)

ASCII text

dropped

/tmp/qemu-open.MJF4df (deleted)

ASCII text

dropped

/tmp/qemu-open.MZ6KMb (deleted)

ASCII text

dropped

/tmp/qemu-open.MenOJd (deleted)

ASCII text

dropped

/tmp/qemu-open.Mwrkyd (deleted)

ASCII text

dropped

/tmp/qemu-open.N9U2Fd (deleted)

ASCII text

dropped

/tmp/qemu-open.NKGT7b (deleted)

ASCII text

dropped

/tmp/qemu-open.ON6SEd (deleted)

ASCII text

dropped

/tmp/qemu-open.OTErlg (deleted)

ASCII text

dropped

/tmp/qemu-open.PM1lcf (deleted)

ASCII text

dropped

/tmp/qemu-open.PeB4Sf (deleted)

ASCII text

dropped

/tmp/qemu-open.QjWySf (deleted)

ASCII text

dropped

/tmp/qemu-open.RB81Dc (deleted)

ASCII text

dropped

/tmp/qemu-open.Rjbn6b (deleted)

ASCII text

dropped

/tmp/qemu-open.Rsmxwe (deleted)

ASCII text

dropped

/tmp/qemu-open.S6zxmg (deleted)

ASCII text

dropped

/tmp/qemu-open.T8BvPb (deleted)

ASCII text

dropped

/tmp/qemu-open.TcZcIf (deleted)

ASCII text

dropped

/tmp/qemu-open.WiBgrf (deleted)

ASCII text

dropped

/tmp/qemu-open.WvbAsd (deleted)

ASCII text

dropped

/tmp/qemu-open.Xdsdvf (deleted)

ASCII text

dropped

/tmp/qemu-open.Xv7Tre (deleted)

ASCII text

dropped

/tmp/qemu-open.YsYhRf (deleted)

ASCII text

dropped

/tmp/qemu-open.ZWbw1e (deleted)

ASCII text

dropped

/tmp/qemu-open.ZxFBRe (deleted)

ASCII text

dropped

/tmp/qemu-open.a6EqTb (deleted)

ASCII text

dropped

/tmp/qemu-open.aA13mc (deleted)

ASCII text

dropped

/tmp/qemu-open.bhKYMc (deleted)

ASCII text

dropped

/tmp/qemu-open.bxBIBf (deleted)

ASCII text

dropped

/tmp/qemu-open.cUWJQf (deleted)

ASCII text

dropped

/tmp/qemu-open.ckuM5f (deleted)

ASCII text

dropped

/tmp/qemu-open.eEOJzd (deleted)

ASCII text

dropped

/tmp/qemu-open.ehp7ie (deleted)

ASCII text

dropped

/tmp/qemu-open.f6tihe (deleted)

ASCII text

dropped

/tmp/qemu-open.fDy6Ce (deleted)

ASCII text

dropped

/tmp/qemu-open.gTI5qc (deleted)

ASCII text

dropped

/tmp/qemu-open.h0fchg (deleted)

ASCII text

dropped

/tmp/qemu-open.hT2aVd (deleted)

ASCII text

dropped

/tmp/qemu-open.hejFyc (deleted)

ASCII text

dropped

/tmp/qemu-open.hlifIe (deleted)

ASCII text

dropped

/tmp/qemu-open.i6xgMf (deleted)

ASCII text

dropped

/tmp/qemu-open.iqpu2f (deleted)

ASCII text

dropped

/tmp/qemu-open.jkbiQb (deleted)

ASCII text

dropped

/tmp/qemu-open.jqWRqe (deleted)

ASCII text

dropped

/tmp/qemu-open.kOIUbc (deleted)

ASCII text

dropped

/tmp/qemu-open.kakWOf (deleted)

ASCII text

dropped

/tmp/qemu-open.kopARe (deleted)

ASCII text

dropped

/tmp/qemu-open.lhJ6hc (deleted)

ASCII text

dropped

/tmp/qemu-open.lvSoUc (deleted)

ASCII text

dropped

/tmp/qemu-open.m2VYBf (deleted)

ASCII text

dropped

/tmp/qemu-open.mZKh5e (deleted)

ASCII text

dropped

/tmp/qemu-open.o6D6jc (deleted)

ASCII text

dropped

/tmp/qemu-open.oOYJTf (deleted)

ASCII text

dropped

/tmp/qemu-open.oVbwMb (deleted)

ASCII text

dropped

/tmp/qemu-open.ohN95f (deleted)

ASCII text

dropped

/tmp/qemu-open.p17dkf (deleted)

ASCII text

dropped

/tmp/qemu-open.p1TUzc (deleted)

ASCII text

dropped

/tmp/qemu-open.pYLzpe (deleted)

ASCII text

dropped

/tmp/qemu-open.pdwSSb (deleted)

ASCII text

dropped

/tmp/qemu-open.pg07Vb (deleted)

ASCII text

dropped

/tmp/qemu-open.pxNrAf (deleted)

ASCII text

dropped

/tmp/qemu-open.r2FMkg (deleted)

ASCII text

dropped

/tmp/qemu-open.rBOhQf (deleted)

ASCII text

dropped

/tmp/qemu-open.rERGFc (deleted)

ASCII text

dropped

/tmp/qemu-open.rZ1Iic (deleted)

ASCII text

dropped

/tmp/qemu-open.rmbiZc (deleted)

ASCII text

dropped

/tmp/qemu-open.rnIo0b (deleted)

ASCII text

dropped

/tmp/qemu-open.s9iFHe (deleted)

ASCII text

dropped

/tmp/qemu-open.sTibmc (deleted)

ASCII text

dropped

/tmp/qemu-open.sVLoQd (deleted)

ASCII text

dropped

/tmp/qemu-open.saZ94d (deleted)

ASCII text

dropped

/tmp/qemu-open.t0Vtfd (deleted)

ASCII text

dropped

/tmp/qemu-open.tC1ZPc (deleted)

ASCII text

dropped

/tmp/qemu-open.tR79gc (deleted)

ASCII text

dropped

/tmp/qemu-open.tmUhUf (deleted)

ASCII text

dropped

/tmp/qemu-open.tuIgfg (deleted)

ASCII text

dropped

/tmp/qemu-open.uvjHOf (deleted)

ASCII text

dropped

/tmp/qemu-open.vkDdQf (deleted)

ASCII text

dropped

/tmp/qemu-open.wOrB3e (deleted)

ASCII text

dropped

/tmp/qemu-open.wVM62b (deleted)

ASCII text

dropped

/tmp/qemu-open.we2zif (deleted)

ASCII text

dropped

/tmp/qemu-open.xxZIlg (deleted)

ASCII text

dropped

/tmp/qemu-open.y6pDze (deleted)

ASCII text

dropped

/tmp/qemu-open.zWeVqf (deleted)

ASCII text

dropped

/tmp/qemu-open.zst3Qd (deleted)

ASCII text

dropped

/usr/lib/systemd/system/linux.service

ASCII text

dropped

/var/log/btmp

data

dropped

There are 130 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

/tmp/linux_arm64.elf

/bin/bash

/bin/bash -c /etc/32678&

/bin/bash

/etc/32678

/usr/bin/sleep

sleep 60

/tmp/linux_arm64.elf

/usr/sbin/service

service crond start

/usr/sbin/service

/usr/bin/basename

basename /usr/sbin/service

/usr/sbin/service

/usr/bin/basename

basename /usr/sbin/service

/usr/sbin/service

/usr/bin/systemctl

systemctl --quiet is-active multi-user.target

/usr/sbin/service

/usr/bin/systemctl

systemctl list-unit-files --full --type=socket

/usr/sbin/service

/usr/bin/sed

sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

/usr/bin/systemctl

systemctl start crond.service

/tmp/linux_arm64.elf

/usr/sbin/update-rc.d

update-rc.d linux_kill defaults

/usr/sbin/update-rc.d

/usr/bin/systemctl

systemctl daemon-reload

/tmp/linux_arm64.elf

/bin/bash

/bin/bash -c "cd /boot;systemctl daemon-reload;systemctl enable linux.service;systemctl start linux.service;journalctl -xe --no-pager"

/bin/bash

/usr/bin/systemctl

systemctl daemon-reload

/bin/bash

/usr/bin/systemctl

systemctl enable linux.service

/bin/bash

/usr/bin/systemctl

systemctl start linux.service

/bin/bash

/usr/bin/journalctl

journalctl -xe --no-pager

/tmp/linux_arm64.elf

/bin/bash

/bin/bash -c "cd /boot;ausearch -c 'System.img.conf' --raw | audit2allow -M my-Systemimgconf;semodule -X 300 -i my-Systemimgconf.pp"

/bin/bash

/tmp/linux_arm64.elf

/usr/bin/bash

bash -c "echo \"*/1 * * * * root /.img \" >> /etc/crontab"

/tmp/linux_arm64.elf

/usr/bin/renice

renice -20 5568

/tmp/linux_arm64.elf

/usr/bin/mount

mount -o bind /tmp/ /proc/5568

/tmp/linux_arm64.elf

/usr/sbin/service

service cron start

/usr/sbin/service

/usr/bin/basename

basename /usr/sbin/service

/usr/sbin/service

/usr/bin/basename

basename /usr/sbin/service

/usr/sbin/service

/usr/bin/systemctl

systemctl --quiet is-active multi-user.target

/usr/sbin/service

/usr/bin/systemctl

systemctl list-unit-files --full --type=socket

/usr/sbin/service

/usr/bin/sed

sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

/usr/bin/systemctl

systemctl start cron.service

/tmp/linux_arm64.elf

/usr/bin/systemctl

systemctl start crond.service

/usr/lib/systemd/systemd

/usr/lib/systemd/system-environment-generators/snapd-env-generator

/usr/lib/systemd/systemd

/usr/lib/systemd/system-environment-generators/snapd-env-generator

/usr/lib/systemd/systemd

/usr/lib/systemd/system-environment-generators/snapd-env-generator

/usr/lib/systemd/systemd

/boot/System.img.config

/usr/bin/pkill

pkill -9 32678

/boot/System.img.config

/usr/bin/sh

sh -c /etc/32678&

/usr/bin/sh

/etc/32678

/usr/bin/sleep

sleep 60

/etc/32678

/etc/id.services.conf

/usr/bin/pkill

pkill -9 32678

/etc/id.services.conf

/usr/bin/sh

sh -c /etc/32678&

/usr/bin/sh

/etc/32678

/usr/bin/sleep

sleep 60

/etc/id.services.conf

/usr/sbin/service

service crond start

/usr/sbin/service

/usr/bin/basename

basename /usr/sbin/service

/usr/sbin/service

/usr/bin/basename

basename /usr/sbin/service

/usr/sbin/service

/usr/bin/systemctl

systemctl --quiet is-active multi-user.target

/usr/sbin/service

/usr/bin/systemctl

systemctl list-unit-files --full --type=socket

/usr/sbin/service

/usr/bin/sed

sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

/usr/bin/systemctl

systemctl start crond.service

/etc/id.services.conf

/boot/System.img.config

/usr/sbin/service

service crond start

/usr/sbin/service

/usr/bin/basename

basename /usr/sbin/service

/usr/sbin/service

/usr/bin/basename

basename /usr/sbin/service

/usr/sbin/service

/usr/bin/systemctl

systemctl --quiet is-active multi-user.target

/usr/sbin/service

/usr/bin/systemctl

systemctl list-unit-files --full --type=socket

/usr/sbin/service

/usr/bin/sed

sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p

/usr/bin/systemctl

systemctl start crond.service

/boot/System.img.config

/usr/sbin/sshd

/usr/sbin/sshd -D -R

/usr/sbin/sshd

/usr/sbin/sshd -D -R

/usr/sbin/sshd

/usr/sbin/sshd -D -R

/usr/sbin/sshd

/usr/sbin/sshd -D -R

/usr/sbin/sshd

/usr/sbin/sshd -D -R

/usr/sbin/sshd

/usr/sbin/sshd -D -R

/usr/sbin/sshd

/usr/lib/udisks2/udisksd

/usr/sbin/dumpe2fs

dumpe2fs -h /dev/dm-0

/usr/lib/systemd/systemd

/usr/sbin/cron

/usr/sbin/cron -f

/usr/sbin/cron

/bin/sh

/bin/sh -c "/.img "

/bin/sh

/usr/lib/systemd/systemd

/usr/sbin/cron

/usr/sbin/cron -f

There are 138 hidden processes, click here to show them.

URLs

Name

Malicious

http://103.135.101.78:808/password.txt

103.135.101.78

http://www.baidu.com/search/spider.html)Mozilla/5.0

unknown

http://search.msn.com/msnbot.htm

unknown

https://www.so.com/s?q=index

unknown

http://help.yahoo.com/help/us/ysearch/slurp)x509:

unknown

https://www.baidu.com/s?wd=insufficient

unknown

http://www.youdao.com/help/webmaster/spider/;)reflect:

unknown

http://www.baidu.com/search/spider.html)http2:

unknown

http://yandex.com/bots)http:

unknown

https://search.yahoo.com/search?p=illegal

unknown

Domains

Name

Malicious

aras.liveya.org

103.135.101.78

Details

Name:	aras.liveya.org
IP:	103.135.101.78
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

www.google.com

172.217.17.68

Details

Name:	www.google.com
IP:	172.217.17.68
TargetID:	-1
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Found strings which match to known social media urls	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

103.135.101.78

aras.liveya.org

Hong Kong

Details

IP:	103.135.101.78
TargetID:	-1
Country:	Hong Kong
Countrycode:	HKG
ASN number:	4842
ASN name:	TH-AS-APTianhaiInfoTechCN
Private:	false
Domain:	aras.liveya.org

Signature Hits	Behavior Group	Mitre Attack
Connects to many ports of the same IP (likely port scanning)	Networking
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer

Memdumps

Base Address

Regiontype

Protect

Malicious

40053e2000

page read and write

561f3a76e000

page read and write

4000863000

page read and write

7f4cda0c7000

page read and write

7fb20ac01000

page read and write

400096c000

page read and write

7ff6473c6000

page read and write

7f946b73f000

page read and write

555b02bdb000

page read and write

40011b2000

page read and write

7fb20c1e6000

page read and write

7ff647053000

page read and write

7f4cd9bb7000

page read and write

7fb20ac42000

page read and write

7f95578dc000

page read and write

25d000

page execute read

400096c000

page read and write

7ff63c021000

page read and write

561f3a4f1000

page execute read

5619790a9000

page read and write

4000863000

page read and write

4000861000

page read and write

7ff645d78000

page read and write

7ffce13f0000

page execute read

7f9556642000

page read and write

7fffc8cd3000

page read and write

40053e2000

page read and write

561f3a779000

page read and write

7f954c021000

page read and write

7f946a794000

page read and write

7fb20c20a000

page read and write

7f9557c4f000

page read and write

7f9556f9e000

page read and write

4fd000

page read and write

7ffcaf586000

page read and write

7fff8d2bf000

page read and write

4fd000

page read and write

4fd000

page read and write

7f4cd8aff000

page read and write

555b0295e000

page execute read

14000400000

page read and write

55d6df2de000

page execute read

55d6df566000

page read and write

7ffef4d32000

page read and write

7f9556704000

page read and write

7fb200021000

page read and write

53f000

page read and write

7f4cda0a3000

page read and write

4000861000

page read and write

7fb20c24f000

page read and write

7f9460021000

page read and write

5561486bc000

page execute read

1400000b000

page read and write

14000400000

page read and write

7f4cd8abe000

page read and write

7f4cd97bd000

page read and write

7fffc8cf9000

page execute read

25d000

page execute read

7ff640021000

page read and write

561f3e23e000

page read and write

7f9557c0a000

page read and write

7f9454021000

page read and write

7ff646a77000

page read and write

7f946bdde000

page read and write

7ff646715000

page read and write

7f9550021000

page read and write

7fb20b900000

page read and write

7f4ccc021000

page read and write

7f9548021000

page read and write

53f000

page read and write

25d000

page execute read

55614b15e000

page read and write

7f946bdba000

page read and write

4000863000

page read and write

4000863000

page read and write

7ff64735d000

page read and write

40274d2000

page read and write

1400003b000

page read and write

56197add8000

page read and write

55614a942000

page execute and read and write

555b02be6000

page read and write

7f946b0e0000

page read and write

7f946b172000

page read and write

7ff646d05000

page read and write

561f3c777000

page execute and read and write

7ff646ce2000

page read and write

7ff630021000

page read and write

40053e2000

page read and write

53f000

page read and write

7f4cd8bc1000

page read and write

7ff647381000

page read and write

7fff8d3f0000

page execute read

4fd000

page read and write

55d6e157a000

page read and write

7f4cd9f7a000

page read and write

561976e0d000

page execute read

55d6df55b000

page read and write

7f4cd9a28000

page read and write

7f95576fa000

page read and write

40053e2000

page read and write

556148944000

page read and write

7fb20bb8e000

page read and write

4000863000

page read and write

4fd000

page read and write

555b04be4000

page execute and read and write

40011b2000

page read and write

7f946b8ce000

page read and write

40053e2000

page read and write

1400000b000

page read and write

7f9557abd000

page read and write

7f955758e000

page read and write

7fb20c0bd000

page read and write

4027512000

page read and write

561f3c78d000

page read and write

40011b2000

page read and write

55614a958000

page read and write

53f000

page read and write

7f4cd0021000

page read and write

7f9557be6000

page read and write

7f9556f0c000

page read and write

40274d2000

page read and write

40274d2000

page read and write

7ff645e7b000

page read and write

7f9557300000

page read and write

7fb20b59e000

page read and write

7f4cd9d99000

page read and write

7f4cd4021000

page read and write

4000861000

page read and write

7ffef4dc0000

page execute read

7f9556601000

page read and write

14000400000

page read and write

7fb20bb6b000

page read and write

40011b2000

page read and write

7f945c021000

page read and write

7fb1fc021000

page read and write

40011b2000

page read and write

7f946bc91000

page read and write

7f946b4d4000

page read and write

7f9540021000

page read and write

7ff647234000

page read and write

4000861000

page read and write

7ff646683000

page read and write

555b06001000

page read and write

7f9544021000

page read and write

7fb20bcfa000

page read and write

7f9464021000

page read and write

7f946bab0000

page read and write

7f955756b000

page read and write

7ffce1352000

page read and write

1400003b000

page read and write

7f946a7d5000

page read and write

14000400000

page read and write

7fb204021000

page read and write

25d000

page execute read

400096c000

page read and write

7f946b762000

page read and write

561979093000

page execute and read and write

7f95565c0000

page read and write

7f4cda10c000

page read and write

55d6e26f3000

page read and write

7f4cd945b000

page read and write

555b04bfa000

page read and write

7ff646e71000

page read and write

7fb20bedc000

page read and write

7f4cc4021000

page read and write

55d6e1564000

page execute and read and write

7ff645db9000

page read and write

556148939000

page read and write

7f4cd93c9000

page read and write

14000400000

page read and write

7f946a816000

page read and write

4000861000

page read and write

56197708a000

page read and write

7f9458021000

page read and write

400096c000

page read and write

561977095000

page read and write

7f946a8d8000

page read and write

1400000b000

page read and write

53f000

page read and write

400096c000

page read and write

7fb20ad04000

page read and write

7ff638021000

page read and write

7ffcaf5c4000

page execute read

7fb20b50c000

page read and write

7fb1f4021000

page read and write

7f4cd9a4b000

page read and write

4027512000

page read and write

25d000

page execute read

7f946be23000

page read and write

There are 179 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
linux_arm64.elf

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportlinux_arm64.elf

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
linux_arm64.elf