Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
epLN92K8RM.elf
|
ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
|
initial sample
|
 |
|
|
/tmp/qemu-open.Z7l3T0 (deleted)
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/epLN92K8RM.elf
|
/tmp/epLN92K8RM.elf
|
||
|
/tmp/epLN92K8RM.elf
|
-
|
||
|
/tmp/epLN92K8RM.elf
|
-
|
||
|
/usr/libexec/gnome-session-binary
|
-
|
||
|
/bin/sh
|
/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
|
||
|
/usr/libexec/gsd-rfkill
|
/usr/libexec/gsd-rfkill
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/lib/systemd/systemd-hostnamed
|
/lib/systemd/systemd-hostnamed
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
kovey.mezo-api.xyz
|
45.131.111.219
|
|
|
|
kovey.mezo-api.xyz.= f66PV,PV!E(o95K= fVOOPV!PV,EAr@@U
|
unknown
|
|
|
|
kovey.mezo-api.xyz.= f466PV,PV!E(:Z5K= fJJPV!PV,E<[@@EC
|
unknown
|
|
|
|
kovey.mezo-api.xyz.= f&-66PV,PV!E(:5IK= f-OOPV!PV,EArl@@p
|
unknown
|
|
|
|
kovey.mezo-api.xyz.= f66PV,PV!E()jL5FA8= fkOOPV!PV,EAi@@s
|
unknown
|
|
|
|
kovey.mezo-api.xyz.= f66PV,PV!E(:b5KK= fOOPV!PV,EArY@@
|
unknown
|
|
|
|
kovey.mezo-api.xyz.= f66PV,PV!E(+958= fOOPV!PV,EA@@Y
|
unknown
|
|
|
|
kovey.mezo-api.xyz.= f_`66PV,PV!E(h:E5WK= f`OOPV!PV,EAr@@=
|
unknown
|
|
|
|
kovey.mezo-api.xyz.= fG$66PV,PV!E(#_:5?H8= f&OOPV!PV,EAX@@
|
unknown
|
|
|
|
kovey.mezo-api.xyz.= f]66PV,PV!E(ij5e"8= f_OOPV!PV,EA@@Z
|
unknown
|
|
|
|
kovey.mezo-api.xyz.= f66PV,PV!E(kj5d#8= fJJPV!PV,E<)@@
|
unknown
|
|
There are 1 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.131.111.219
|
kovey.mezo-api.xyz
|
Germany
|
|
|
|
89.190.156.145
|
unknown
|
United Kingdom
|
||
|
109.202.202.202
|
unknown
|
Switzerland
|
||
|
91.189.91.43
|
unknown
|
United Kingdom
|
||
|
91.189.91.42
|
unknown
|
United Kingdom
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7f71c402c000
|
page execute read
|
|
||
|
7f72cbb7a000
|
page read and write
|
|||
|
7f71c4037000
|
page read and write
|
|||
|
5589d4d8b000
|
page read and write
|
|||
|
5589d460b000
|
page read and write
|
|||
|
7f72cca04000
|
page read and write
|
|||
|
7f72cc414000
|
page read and write
|
|||
|
7f72cd05c000
|
page read and write
|
|||
|
7f72ccf33000
|
page read and write
|
|||
|
5589d239c000
|
page execute read
|
|||
|
5589d45f4000
|
page execute and read and write
|
|||
|
5589d25f6000
|
page read and write
|
|||
|
7f72cc776000
|
page read and write
|
|||
|
7f72c3fff000
|
page read and write
|
|||
|
5589d25ed000
|
page read and write
|
|||
|
7f72ccd52000
|
page read and write
|
|||
|
7f72cd0c5000
|
page read and write
|
|||
|
7f71c4034000
|
page read and write
|
|||
|
7fff2db01000
|
page read and write
|
|||
|
7f72cc382000
|
page read and write
|
|||
|
7f72cd080000
|
page read and write
|
|||
|
7f72cc9e1000
|
page read and write
|
|||
|
7fff2db37000
|
page execute read
|
|||
|
7f72ccb70000
|
page read and write
|
|||
|
7f72c4021000
|
page read and write
|
There are 15 hidden memdumps, click here to show them.