Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| hmDumpR4Ys.elf | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, no section header | initial sample | |
| /tmp/.sys.rrcache.data | ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=dab48a037fb31fef87b543e0e0d4527fb63b9b7e, not stripped | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /tmp/hmDumpR4Ys.elf | /tmp/hmDumpR4Ys.elf | |
| /tmp/hmDumpR4Ys.elf | - | |
URLs

| Name | IP | Malicious |
|---|---|---|
| http://upx.sf.net | unknown | |
| http://www.openssl.org/support/faq.htmlRAND | unknown | |
| http://www.openssl.org/support/faq.html | unknown | |
| https://www.megtech.xyz/ | unknown | |
Domains

| Name | IP | Malicious |
|---|---|---|
| www.megtech.xyz | 15.197.130.221 | |
| daisy.ubuntu.com | 162.213.35.24 | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 15.197.130.221 | www.megtech.xyz | United States | |
Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 7f6a3e396000 | | page execute and read and write | |
| 7ffdc49a9000 | | page execute read | |
| 7f6a3de92000 | | page execute and read and write | |
| 7f6a3e00f000 | | page execute and read and write | |
| 1775000 | | page execute and read and write | |
| 7f6a3e02c000 | | page execute and read and write | |
| 9a4000 | | page execute and read and write | |
| 98e000 | | page execute read | |
| 7f6a3e5ca000 | | page execute and read and write | |
| 7ffdc49a1000 | | page execute and read and write | |
| 7f6a3deac000 | | page execute and read and write | |
| 7f6a3e585000 | | page execute and read and write | |
| 7f6a3e36d000 | | page execute and read and write | |
| 78d000 | | page execute read | |