Linux Analysis Report
gk5sduiOpM.elf

Overview

General Information

Sample name: gk5sduiOpM.elf
renamed because original name is a hash value
Original sample name: dc5798b63ec910732be55e786b58736b.elf
Analysis ID: 1430966
MD5: dc5798b63ec910732be55e786b58736b
SHA1: cc0c6f8bb673a14e57d54ebb423fa8422886882e
SHA256: 02a8a462612a1f9d3e1ac1cede877c4d271b2d0389feef64fa014a29d65af1c6
Tags: 64elfmirai
Infos:

Detection

Score: 72
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Sample deletes itself
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Detected TCP or UDP traffic on non-standard ports
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: gk5sduiOpM.elf Virustotal: Detection: 20% Perma Link
Source: gk5sduiOpM.elf ReversingLabs: Detection: 13%
Machine Learning detection for sample
Source: gk5sduiOpM.elf Joe Sandbox ML: detected
Found strings indicative of a multi-platform dropper
Source: gk5sduiOpM.elf String: *Apts/ttysocket:[/proc/net/tcp /proc/%d/exepkillkillallechoclearwgetcurlping/pswiresharktcpdumppythonpython3busyboxiptablesrebootinit 6nanonvimmvcdlscatstringshtopgrepbashgdb/mapsmkdirHTTPapt./runshutdown&reboot -fshutdown -rrmftpgettftpncfor
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.14:54444 -> 212.70.149.14:35342
Source: global traffic TCP traffic: 192.168.2.14:37468 -> 212.70.149.10:35342
Sample listens on a socket
Source: /tmp/gk5sduiOpM.elf (PID: 5480) Socket: 127.0.0.1::8345 Jump to behavior
Source: unknown TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown TCP traffic detected without corresponding DNS query: 212.70.149.14
Source: unknown UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown UDP traffic detected without corresponding DNS query: 134.195.4.2
Source: unknown UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown UDP traffic detected without corresponding DNS query: 51.158.108.203
Source: unknown UDP traffic detected without corresponding DNS query: 51.254.162.59
Source: unknown UDP traffic detected without corresponding DNS query: 51.254.162.59
Source: unknown UDP traffic detected without corresponding DNS query: 51.254.162.59
Source: unknown UDP traffic detected without corresponding DNS query: 51.254.162.59
Source: unknown UDP traffic detected without corresponding DNS query: 51.254.162.59
Source: unknown DNS traffic detected: queries for: siegheil.hiter.su

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: gk5sduiOpM.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5480.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_564b8eda Author: unknown
Sample tries to kill multiple processes (SIGKILL)
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1 (init), result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 490, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 661, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 725, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 726, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 767, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 769, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 780, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 782, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 785, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 791, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 797, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 801, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 940, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1289, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1299, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1300, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1309, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1364, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1382, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1589, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 2955, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 2956, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 2991, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 2997, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 2999, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 3094, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 3120, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 3147, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 3157, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 3632, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 3811, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5321, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5466, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5467, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5483, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5484, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5485, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5486, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5503, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5521, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5523, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5529, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5530, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5535, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5536, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5537, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5538, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5539, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5540, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5541, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5542, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5543, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5544, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5545, result: successful Jump to behavior
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Source: Initial sample String containing 'busybox' found: busybox
Source: Initial sample String containing 'busybox' found: *Apts/ttysocket:[/proc/net/tcp /proc/%d/exepkillkillallechoclearwgetcurlping/pswiresharktcpdumppythonpython3busyboxiptablesrebootinit 6nanonvimmvcdlscatstringshtopgrepbashgdb/mapsmkdirHTTPapt./runshutdown&reboot -fshutdown -rrmftpgettftpncfor
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Sample tries to kill a process (SIGKILL)
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1 (init), result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 490, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 661, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 725, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 726, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 767, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 769, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 780, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 782, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 785, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 791, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 797, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 801, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 940, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1289, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1299, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1300, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1309, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1364, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1382, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 1589, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 2955, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 2956, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 2991, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 2997, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 2999, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 3094, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 3120, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 3147, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 3157, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 3632, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 3811, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5321, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5466, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5467, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5483, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5484, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5485, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5486, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5503, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5521, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5523, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5529, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5530, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5535, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5536, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5537, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5538, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5539, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5540, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5541, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5542, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5543, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5544, result: successful Jump to behavior
Source: /tmp/gk5sduiOpM.elf (PID: 5482) SIGKILL sent: pid: 5545, result: successful Jump to behavior
Yara signature match
Source: gk5sduiOpM.elf, type: SAMPLE Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5484.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5485.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5480.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: 5483.1.0000000000400000.0000000000416000.r-x.sdmp, type: MEMORY Matched rule: Linux_Trojan_Mirai_564b8eda reference_sample = ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 63a9e43902e7db0b7a20498b5a860e36201bacc407e9e336faca0b7cfbc37819, id = 564b8eda-6f0e-45b8-bef6-d61b0f090a36, last_modified = 2021-09-16
Source: classification engine Classification label: mal72.spre.troj.evad.linELF@0/0@16/0

Persistence and Installation Behavior
barindex
Sample reads /proc/mounts (often used for finding a writable filesystem)
Source: /bin/fusermount (PID: 5522) File: /proc/5522/mounts Jump to behavior
Source: /usr/bin/dbus-daemon (PID: 5536) File: /proc/5536/mounts Jump to behavior

Hooking and other Techniques for Hiding and Protection
barindex
Sample deletes itself
Source: /tmp/gk5sduiOpM.elf (PID: 5480) File: /tmp/gk5sduiOpM.elf Jump to behavior
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /usr/sbin/rsyslogd (PID: 5545) Queries kernel information via 'uname': Jump to behavior
Source: gk5sduiOpM.elf, 5485.1.000000000120c000.000000000120f000.rw-.sdmp Binary or memory string: /tmp/vmware-root_726-2957583432
Source: gk5sduiOpM.elf, 5485.1.000000000120c000.000000000120f000.rw-.sdmp Binary or memory string: A/tmp/vmware-root_726-2957583432AA
Source: gk5sduiOpM.elf, 5485.1.000000000120b000.000000000120c000.rw-.sdmp Binary or memory string: vmware-root_726-2957583432

No Screenshots

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
212.70.149.14
 unknown Bulgaria
208410 INTERNET-HOSTINGBG false
212.70.149.10
 security.rebirth-network.su Bulgaria
208410 INTERNET-HOSTINGBG false

Contacted Domains

Name IP Active
security.rebirth-network.su 212.70.149.10 true
siegheil.hiter.su unknown unknown