IOC Report
gk5sduiOpM.elf


Processes

Path | Cmdline | Malicious
/tmp/gk5sduiOpM.elf | /tmp/gk5sduiOpM.elf |
/tmp/gk5sduiOpM.elf | - |
/tmp/gk5sduiOpM.elf | - |
/tmp/gk5sduiOpM.elf | - |
/tmp/gk5sduiOpM.elf | - |
/tmp/gk5sduiOpM.elf | - |
/usr/lib/systemd/systemd | - |
/usr/bin/journalctl | /usr/bin/journalctl --smart-relinquish-var |
/usr/lib/systemd/systemd | - |
/usr/bin/dbus-daemon | /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only |
/usr/sbin/gdm3 | - |
/etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default |
/usr/lib/systemd/systemd | - |
/usr/bin/pulseaudio | /usr/bin/pulseaudio --daemonize=no --log-target=journal |
/usr/libexec/gvfsd-fuse | - |
/bin/fusermount | fusermount -u -q -z -- /run/user/1000/gvfs |
/usr/lib/systemd/systemd | - |
/usr/sbin/rsyslogd | /usr/sbin/rsyslogd -n -iNONE |
/usr/sbin/gdm3 | - |
/etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default |
/usr/lib/systemd/systemd | - |
/lib/systemd/systemd-journald | /lib/systemd/systemd-journald |
/usr/lib/systemd/systemd | - |
/usr/bin/dbus-daemon | /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only |
/usr/sbin/gdm3 | - |
/etc/gdm3/PrimeOff/Default | /etc/gdm3/PrimeOff/Default |
/usr/lib/systemd/systemd | - |
/lib/systemd/systemd-journald | /lib/systemd/systemd-journald |
/usr/lib/systemd/systemd | - |
/usr/bin/dbus-daemon | /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only |
/usr/lib/systemd/systemd | - |
/usr/bin/dbus-daemon | /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only |
/usr/lib/systemd/systemd | - |
/usr/sbin/rsyslogd | /usr/sbin/rsyslogd -n -iNONE |
/usr/lib/systemd/systemd | - |
/lib/systemd/systemd-journald | /lib/systemd/systemd-journald |
/usr/lib/systemd/systemd | - |
/usr/bin/dbus-daemon | /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only |
/usr/lib/systemd/systemd | - |
/lib/systemd/systemd-journald | /lib/systemd/systemd-journald |
/usr/lib/systemd/systemd | - |
/lib/systemd/systemd-journald | /lib/systemd/systemd-journald |
/usr/lib/systemd/systemd | - |
/usr/sbin/rsyslogd | /usr/sbin/rsyslogd -n -iNONE |
/usr/lib/systemd/systemd | - |
/usr/sbin/rsyslogd | /usr/sbin/rsyslogd -n -iNONE |
/usr/lib/systemd/systemd | - |
/usr/sbin/rsyslogd | /usr/sbin/rsyslogd -n -iNONE |
/usr/lib/systemd/systemd | - |
/usr/bin/dbus-daemon | /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only |

40 further processes are not shown in this report.

Domains

Name | IP | Malicious
siegheil.hiter.su | unknown | malicious
security.rebirth-network.su | 212.70.149.10 |

IPs

IP | Domain | Country | Malicious
212.70.149.14 | unknown | Bulgaria |
212.70.149.10 | security.rebirth-network.su | Bulgaria |

Memdumps

Base Address | Regiontype | Protect | Malicious
617000 | | page read and write |
416000 | | page execute read |
416000 | | page execute read |
617000 | | page read and write |
120c000 | | page read and write |
7fff5a383000 | | page read and write |
120c000 | | page read and write |
7fff5a3a1000 | | page execute read |
621000 | | page read and write |
7fff5a3a1000 | | page execute read |
617000 | | page read and write |
7fff5a383000 | | page read and write |
7fff5a3a1000 | | page execute read |
120c000 | | page read and write |
120c000 | | page read and write |
7fff5a383000 | | page read and write |
416000 | | page execute read |
621000 | | page read and write |
120e000 | | page read and write |
120d000 | | page read and write |
7fff5a3a1000 | | page execute read |
621000 | | page read and write |
7fff5a383000 | | page read and write |
617000 | | page read and write |
621000 | | page read and write |
416000 | | page execute read |
120f000 | | page read and write |

17 further memdumps are not shown in this report.