Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Trhc0oj3L5.elf
|
ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
|
initial sample
|
||
/tmp/qemu-open.QrfOZw (deleted)
|
data
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
/tmp/Trhc0oj3L5.elf
|
/tmp/Trhc0oj3L5.elf
|
||
/tmp/Trhc0oj3L5.elf
|
-
|
||
/tmp/Trhc0oj3L5.elf
|
-
|
||
/usr/libexec/gnome-session-binary
|
-
|
||
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
|
||
/usr/libexec/gsd-rfkill
|
/usr/libexec/gsd-rfkill
|
||
/usr/lib/systemd/systemd
|
-
|
||
/lib/systemd/systemd-hostnamed
|
/lib/systemd/systemd-hostnamed
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
kovey.mezo-api.xyz
|
45.131.111.219
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
45.131.111.219
|
kovey.mezo-api.xyz
|
Germany
|
||
89.190.156.145
|
unknown
|
United Kingdom
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
7f7498027000
|
page execute read
|
|||
7f75a00c9000
|
page read and write
|
|||
7f759fa53000
|
page read and write
|
|||
7ffe8cf9d000
|
page read and write
|
|||
7f75a053d000
|
page read and write
|
|||
55a9b96fd000
|
page read and write
|
|||
7f759fce2000
|
page read and write
|
|||
7f759fa45000
|
page read and write
|
|||
55a9bb6fb000
|
page execute and read and write
|
|||
7f7498038000
|
page read and write
|
|||
7f75a0545000
|
page read and write
|
|||
55a9bb712000
|
page read and write
|
|||
55a9b96f4000
|
page read and write
|
|||
7f759f242000
|
page read and write
|
|||
7f7598021000
|
page read and write
|
|||
7f75a00a4000
|
page read and write
|
|||
7f75a058a000
|
page read and write
|
|||
55a9bd14c000
|
page read and write
|
|||
55a9b94c6000
|
page execute read
|
|||
7f749803b000
|
page read and write
|
|||
7ffe8cfe5000
|
page execute read
|
|||
7f75a0414000
|
page read and write
|
|||
7f7598000000
|
page read and write
|
There are 13 hidden memdumps, click here to show them.