IOC Report
ew3OL4dYca.elf

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /tmp/ew3OL4dYca.elf | /tmp/ew3OL4dYca.elf | |
| /tmp/ew3OL4dYca.elf | - | |
| /tmp/ew3OL4dYca.elf | - | |
| /tmp/ew3OL4dYca.elf | - | |
| /tmp/ew3OL4dYca.elf | - | |
| /usr/libexec/gnome-session-binary | - | |
| /bin/sh | /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill | |
| /usr/libexec/gsd-rfkill | /usr/libexec/gsd-rfkill | |

Domains

| Name | IP | Malicious |
|---|---|---|
| tcpdown.su | 185.216.70.250 | |
| tcpdown.suE | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 172.245.119.63 | unknown | United States | |
| 109.202.202.202 | unknown | Switzerland | |
| 91.189.91.43 | unknown | United Kingdom | |
| 91.189.91.42 | unknown | United Kingdom | |

Memdumps
