Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
KxTpfpJzPK.elf
|
ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
|
initial sample
|
 |
|
|
/tmp/qemu-open.XxdFfM (deleted)
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/KxTpfpJzPK.elf
|
/tmp/KxTpfpJzPK.elf
|
||
|
/tmp/KxTpfpJzPK.elf
|
-
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.fBKTZpHhzr /tmp/tmp.UD7HFmTAD6 /tmp/tmp.j4pNbUEbNf
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/cat
|
cat /tmp/tmp.fBKTZpHhzr
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/head
|
head -n 10
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/tr
|
tr -d \\000-\\011\\013\\014\\016-\\037
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/cut
|
cut -c -80
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/cat
|
cat /tmp/tmp.fBKTZpHhzr
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/head
|
head -n 10
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/tr
|
tr -d \\000-\\011\\013\\014\\016-\\037
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/cut
|
cut -c -80
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.fBKTZpHhzr /tmp/tmp.UD7HFmTAD6 /tmp/tmp.j4pNbUEbNf
|
There are 12 hidden processes, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
kovey.mezo-api.xyz
|
45.131.111.219
|
|
|
|
kovey.mezo-api.xyz.y9 f>366a0PV!E(C,:j5RDhy9 f15OOPV!a0EA@@
|
unknown
|
|
|
|
kovey.mezo-api.xyz.y9 fvj66a0PV!E(C:j]5~Dhy9 fOmOOPV!a0EA/@@
|
unknown
|
|
|
|
kovey.mezo-api.xyz.z9 f_66a0PV!E(9[5Dhz9 f1bJJPV!a0E<@@
|
unknown
|
|
|
|
kovey.mezo-api.xyz.9 fFs66a0PV!E(u995Cd9 ftOOPV!a0EAU@@
|
unknown
|
|
|
|
kovey.mezo-api.xyz.y9 f66a0PV!E(j5Dhy9 fjOOPV!a0EA&@@
|
unknown
|
|
|
|
kovey.mezo-api.xyz.9 f66a0PV!E(jl5d9 fCOOPV!a0EAn@@w
|
unknown
|
|
|
|
kovey.mezo-api.xyz.9 fpL66a0PV!E(f&:G5"2Bd9 f\OJJPV!a0E<eO@@uX
|
unknown
|
|
|
|
kovey.mezo-api.xyz.y9 f66a0PV!E(]O9Q55+Dhy9 fJOOPV!a0EAF@@
|
unknown
|
|
|
|
kovey.mezo-api.xyz.9 f\66a0PV!E(:k5Dd9 fOOPV!a0EAZ@@
|
unknown
|
|
|
|
kovey.mezo-api.xyz.9 f66a0PV!E(:$C5s)d9 fOOPV!a0EAK@@
|
unknown
|
|
There are 1 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.131.111.219
|
kovey.mezo-api.xyz
|
Germany
|
|
|
|
54.171.230.55
|
unknown
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7fa010027000
|
page execute read
|
|
||
|
55c7d6db1000
|
page read and write
|
|||
|
7fa01002f000
|
page read and write
|
|||
|
7fa1175f6000
|
page read and write
|
|||
|
7fa117b48000
|
page read and write
|
|||
|
55c7d4d9c000
|
page read and write
|
|||
|
7fa10ffff000
|
page read and write
|
|||
|
7fa117967000
|
page read and write
|
|||
|
7fa117cda000
|
page read and write
|
|||
|
7fa11738b000
|
page read and write
|
|||
|
7fa116f97000
|
page read and write
|
|||
|
55c7d6d9a000
|
page execute and read and write
|
|||
|
55c7d4b42000
|
page execute read
|
|||
|
7fa11678f000
|
page read and write
|
|||
|
7fa117785000
|
page read and write
|
|||
|
7fa117619000
|
page read and write
|
|||
|
7fa117c95000
|
page read and write
|
|||
|
7fa117c71000
|
page read and write
|
|||
|
7fa010032000
|
page read and write
|
|||
|
55c7d4d93000
|
page read and write
|
|||
|
7fa110021000
|
page read and write
|
|||
|
7fff1ccb6000
|
page read and write
|
|||
|
7fff1cd79000
|
page execute read
|
|||
|
7fa117029000
|
page read and write
|
|||
|
55c7d83f8000
|
page read and write
|
There are 15 hidden memdumps, click here to show them.