Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
6pZSqZEAa2.elf
|
ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
|
initial sample
|
 |
|
|
/tmp/qemu-open.5NmYtw (deleted)
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/6pZSqZEAa2.elf
|
/tmp/6pZSqZEAa2.elf
|
||
|
/tmp/6pZSqZEAa2.elf
|
-
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
kovey.mezo-api.xyz
|
45.131.111.219
|
|
|
|
kovey.mezo-api.xyz.: f66a1PV!E(_j5u!}: fOOPV!a1EA
|
unknown
|
|
|
|
kovey.mezo-api.xyz.: fJ66a1PV!E(b9L5K}: fKOOPV!a1EA
|
unknown
|
|
|
|
kovey.mezo-api.xyz.; fi66a1PV!E(e95o%; fOOPV!a1EA.@@.aV5-%koveymezo-apixyzm; fU[66a1PV!E(:.5.%; fc]OOPV!a1EA@@bH5-%.kovey.mezo-api.xyz.;
f66a1PV!E(z95%; fOOPV!a1EA.@@.=5-I%koveymezo-apixyzm; f66a1PV!E(89.5
|
unknown
|
|
|
|
kovey.mezo-api.xyz.: f-66a1PV!E(Oa:^54}: fNNPV!a1E@
|
unknown
|
|
|
|
kovey.mezo-api.xyz.; f66a1PV!E(895D%; f#OOPV!a1EA.@@.2x5-%koveymezo-apixyzm; f(66a1PV!E(mj.5.%; f)NNPV!a1E@@@b15,U\mezo-koveymezo-apixyz;
f6
|
unknown
|
|
|
|
kovey.mezo-api.xyz.; fU[66a1PV!E(:5V%; fc]OOPV!a1EA.@@.H5-%koveymezo-apixyzm; f66a1PV!E(z9.5.%; fO
|
unknown
|
|
|
|
kovey.mezo-api.xyz.; f66a1PV!E(z95%; fOOPV!a1EA.@@.=5-I%koveymezo-apixyzm; f66a1PV!E(89.5
|
unknown
|
|
|
|
kovey.mezo-api.xyz.: f66a1PV!E(C:j5}: fOOPV!a1EA
|
unknown
|
|
|
|
kovey.mezo-api.xyz.; f(66a1PV!E(mj5x%; f)NNPV!a1E@.@@.15,U\mezo-koveymezo-apixyz; f66a1PV!E(g:.5
|
unknown
|
|
|
|
kovey.mezo-api.xyz.: fz66a1PV!E(j5kmQ}: f{OOPV!a1EA
|
unknown
|
|
There are 1 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.131.111.219
|
kovey.mezo-api.xyz
|
Germany
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7efea8011000
|
page execute read
|
|
||
|
7eff30d9f000
|
page read and write
|
|||
|
7fff227a7000
|
page read and write
|
|||
|
7eff30c76000
|
page read and write
|
|||
|
7eff3092b000
|
page read and write
|
|||
|
7eff302b5000
|
page read and write
|
|||
|
7efea8013000
|
page read and write
|
|||
|
7eff30da7000
|
page read and write
|
|||
|
7fff227e6000
|
page execute read
|
|||
|
564fe64cc000
|
page read and write
|
|||
|
7eff28000000
|
page read and write
|
|||
|
7eff2faa4000
|
page read and write
|
|||
|
7eff30dec000
|
page read and write
|
|||
|
564fe89b7000
|
page read and write
|
|||
|
7eff28021000
|
page read and write
|
|||
|
564fe64c4000
|
page read and write
|
|||
|
7efea8016000
|
page read and write
|
|||
|
7eff30544000
|
page read and write
|
|||
|
7eff30906000
|
page read and write
|
|||
|
7eff302a7000
|
page read and write
|
|||
|
564fe84ca000
|
page execute and read and write
|
|||
|
564fe6292000
|
page execute read
|
|||
|
564fe8561000
|
page read and write
|
There are 13 hidden memdumps, click here to show them.