IOC Report
ZFxJqgzVsv.elf

Processes

Path | Cmdline | Malicious
/usr/bin/dash | - |
/usr/bin/rm | rm -f /tmp/tmp.XY66kf2wo4 /tmp/tmp.OMhUYELkKS /tmp/tmp.jJnTyasaRo |
/usr/bin/dash | - |
/usr/bin/cat | cat /tmp/tmp.XY66kf2wo4 |
/usr/bin/dash | - |
/usr/bin/head | head -n 10 |
/usr/bin/dash | - |
/usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 |
/usr/bin/dash | - |
/usr/bin/cut | cut -c -80 |
/usr/bin/dash | - |
/usr/bin/cat | cat /tmp/tmp.XY66kf2wo4 |
/usr/bin/dash | - |
/usr/bin/head | head -n 10 |
/usr/bin/dash | - |
/usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 |
/usr/bin/dash | - |
/usr/bin/cut | cut -c -80 |
/usr/bin/dash | - |
/usr/bin/rm | rm -f /tmp/tmp.XY66kf2wo4 /tmp/tmp.OMhUYELkKS /tmp/tmp.jJnTyasaRo |
/tmp/ZFxJqgzVsv.elf | /tmp/ZFxJqgzVsv.elf |
/tmp/ZFxJqgzVsv.elf | - |
/tmp/ZFxJqgzVsv.elf | - |
/tmp/ZFxJqgzVsv.elf | - |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display" |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | - |
/usr/sbin/xfpm-power-backlight-helper | /usr/sbin/xfpm-power-backlight-helper --get-max-brightness |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel" |
/usr/bin/xfce4-panel | - |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions" |
/usr/bin/dbus-daemon | - |
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd | /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd |
/usr/lib/systemd/systemd | - |
/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd | /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd |
32 further processes are hidden in this report export.

IPs

IP | Domain | Country | Malicious
94.158.244.29 | unknown | Moldova Republic of |
109.202.202.202 | unknown | Switzerland |
91.189.91.43 | unknown | United Kingdom |
91.189.91.42 | unknown | United Kingdom |

Memdumps

Base Address | Regiontype | Protect | Malicious
7f779840c000 | | page execute read | malicious
7f779840c000 | | page execute read | malicious
7f779840c000 | | page execute read | malicious
7f781d160000 | | page read and write |
7ffea1188000 | | page read and write |
7f781dc4a000 | | page read and write |
7f781dc4a000 | | page read and write |
7ffea11c5000 | | page execute read |
7f781dc4a000 | | page read and write |
7f7818021000 | | page read and write |
5604dfc26000 | | page read and write |
7f781dc52000 | | page read and write |
7f781d7b1000 | | page read and write |
7f781d152000 | | page read and write |
7ffea11c5000 | | page execute read |
5604dc4f1000 | | page read and write |
5604de50e000 | | page read and write |
5604dc4f9000 | | page read and write |
7f781dc52000 | | page read and write |
5604de50e000 | | page read and write |
7f781d3ef000 | | page read and write |
5604de4f7000 | | page execute and read and write |
7f781c94f000 | | page read and write |
7f779841e000 | | page read and write |
7f781dc52000 | | page read and write |
7f781dc97000 | | page read and write |
5604de4f7000 | | page execute and read and write |
5604dfc26000 | | page read and write |
5604dc2db000 | | page execute read |
7f7818000000 | | page read and write |
7f781db21000 | | page read and write |
5604dc4f9000 | | page read and write |
7f781d3ef000 | | page read and write |
7f781db21000 | | page read and write |
7f779841e000 | | page read and write |
7ffea11c5000 | | page execute read |
7f781d152000 | | page read and write |
5604dfc26000 | | page read and write |
5604dc4f1000 | | page read and write |
7f781c94f000 | | page read and write |
7f779841d000 | | page read and write |
7f781d3ef000 | | page read and write |
7f781d7d6000 | | page read and write |
5604dc2db000 | | page execute read |
5604dc4f1000 | | page read and write |
7ffea1188000 | | page read and write |
5604de4f7000 | | page execute and read and write |
5604de50e000 | | page read and write |
7f781c94f000 | | page read and write |
5604dc4f9000 | | page read and write |
7f781dc97000 | | page read and write |
7f779841d000 | | page read and write |
7ffea1188000 | | page read and write |
7f7818000000 | | page read and write |
7f781d160000 | | page read and write |
7f7818021000 | | page read and write |
7f781d7d6000 | | page read and write |
7f779841e000 | | page read and write |
7f7818021000 | | page read and write |
7f781dc97000 | | page read and write |
7f781d160000 | | page read and write |
7f781d7b1000 | | page read and write |
7f779841d000 | | page read and write |
7f7818000000 | | page read and write |
7f781db21000 | | page read and write |
5604dc2db000 | | page execute read |
7f781d7b1000 | | page read and write |
7f781d152000 | | page read and write |
7f781d7d6000 | | page read and write |
59 further memdumps are hidden in this report export.