Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/sbin/update-rc.d

/usr/bin/perl /usr/sbin/update-rc.d 4ljhdTTyiA defaults

/usr/sbin/update-rc.d

n/a

/usr/lib/insserv/insserv

/usr/lib/insserv/insserv 4ljhdTTyiA

/usr/sbin/update-rc.d

n/a

/bin/systemctl

systemctl daemon-reload

/tmp/4ljhdTTyiA

n/a

/bin/dash

sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

/bin/dash

n/a

/bin/sed

sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/jjltawydwf

/usr/bin/jjltawydwf "ls -la" 4554

/usr/bin/jjltawydwf

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/jjltawydwf

/usr/bin/jjltawydwf "ifconfig eth0" 4554

/usr/bin/jjltawydwf

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/jjltawydwf

/usr/bin/jjltawydwf "sleep 1" 4554

/usr/bin/jjltawydwf

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/jjltawydwf

/usr/bin/jjltawydwf "ps -ef" 4554

/usr/bin/jjltawydwf

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/jjltawydwf

/usr/bin/jjltawydwf pwd 4554

/usr/bin/jjltawydwf

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ouhdchrbdz

/usr/bin/ouhdchrbdz sh 4554

/usr/bin/ouhdchrbdz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ouhdchrbdz

/usr/bin/ouhdchrbdz whoami 4554

/usr/bin/ouhdchrbdz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ouhdchrbdz

/usr/bin/ouhdchrbdz "echo \"find\"" 4554

/usr/bin/ouhdchrbdz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ouhdchrbdz

/usr/bin/ouhdchrbdz "netstat -antop" 4554

/usr/bin/ouhdchrbdz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ouhdchrbdz

/usr/bin/ouhdchrbdz "grep \"A\"" 4554

/usr/bin/ouhdchrbdz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/fcxqfstrdm

/usr/bin/fcxqfstrdm "netstat -an" 4554

/usr/bin/fcxqfstrdm

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/fcxqfstrdm

/usr/bin/fcxqfstrdm uptime 4554

/usr/bin/fcxqfstrdm

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/fcxqfstrdm

/usr/bin/fcxqfstrdm pwd 4554

/usr/bin/fcxqfstrdm

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/fcxqfstrdm

/usr/bin/fcxqfstrdm bash 4554

/usr/bin/fcxqfstrdm

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/fcxqfstrdm

/usr/bin/fcxqfstrdm ifconfig 4554

/usr/bin/fcxqfstrdm

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/dxeguomyxc

/usr/bin/dxeguomyxc "sleep 1" 4554

/usr/bin/dxeguomyxc

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/dxeguomyxc

/usr/bin/dxeguomyxc "ifconfig eth0" 4554

/usr/bin/dxeguomyxc

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/dxeguomyxc

/usr/bin/dxeguomyxc "netstat -an" 4554

/usr/bin/dxeguomyxc

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/dxeguomyxc

/usr/bin/dxeguomyxc top 4554

/usr/bin/dxeguomyxc

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/dxeguomyxc

/usr/bin/dxeguomyxc ls 4554

/usr/bin/dxeguomyxc

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ctrygxclrx

/usr/bin/ctrygxclrx su 4554

/usr/bin/ctrygxclrx

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ctrygxclrx

/usr/bin/ctrygxclrx "ifconfig eth0" 4554

/usr/bin/ctrygxclrx

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ctrygxclrx

/usr/bin/ctrygxclrx "netstat -an" 4554

/usr/bin/ctrygxclrx

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ctrygxclrx

/usr/bin/ctrygxclrx "grep \"A\"" 4554

/usr/bin/ctrygxclrx

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ctrygxclrx

/usr/bin/ctrygxclrx "sleep 1" 4554

/usr/bin/ctrygxclrx

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/gqczobuacc

/usr/bin/gqczobuacc "grep \"A\"" 4554

/usr/bin/gqczobuacc

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/gqczobuacc

/usr/bin/gqczobuacc "sleep 1" 4554

/usr/bin/gqczobuacc

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/gqczobuacc

/usr/bin/gqczobuacc su 4554

/usr/bin/gqczobuacc

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/gqczobuacc

/usr/bin/gqczobuacc "netstat -an" 4554

/usr/bin/gqczobuacc

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/gqczobuacc

/usr/bin/gqczobuacc "ps -ef" 4554

/usr/bin/gqczobuacc

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/uoewtvxqdd

/usr/bin/uoewtvxqdd "ps -ef" 4554

/usr/bin/uoewtvxqdd

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/uoewtvxqdd

/usr/bin/uoewtvxqdd gnome-terminal 4554

/usr/bin/uoewtvxqdd

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/uoewtvxqdd

/usr/bin/uoewtvxqdd ifconfig 4554

/usr/bin/uoewtvxqdd

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/uoewtvxqdd

/usr/bin/uoewtvxqdd id 4554

/usr/bin/uoewtvxqdd

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/uoewtvxqdd

/usr/bin/uoewtvxqdd "route -n" 4554

/usr/bin/uoewtvxqdd

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/rlyjyybyum

/usr/bin/rlyjyybyum "route -n" 4554

/usr/bin/rlyjyybyum

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/rlyjyybyum

/usr/bin/rlyjyybyum "grep \"A\"" 4554

/usr/bin/rlyjyybyum

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/rlyjyybyum

/usr/bin/rlyjyybyum "ls -la" 4554

/usr/bin/rlyjyybyum

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/rlyjyybyum

/usr/bin/rlyjyybyum "sleep 1" 4554

/usr/bin/rlyjyybyum

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/rlyjyybyum

/usr/bin/rlyjyybyum "cd /etc" 4554

/usr/bin/rlyjyybyum

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/tjdqviitkh

/usr/bin/tjdqviitkh "netstat -antop" 4554

/usr/bin/tjdqviitkh

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/tjdqviitkh

/usr/bin/tjdqviitkh "ps -ef" 4554

/usr/bin/tjdqviitkh

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/tjdqviitkh

/usr/bin/tjdqviitkh "ps -ef" 4554

/usr/bin/tjdqviitkh

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/tjdqviitkh

/usr/bin/tjdqviitkh who 4554

/usr/bin/tjdqviitkh

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/tjdqviitkh

/usr/bin/tjdqviitkh "route -n" 4554

/usr/bin/tjdqviitkh

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/aspbnnkmso

/usr/bin/aspbnnkmso top 4554

/usr/bin/aspbnnkmso

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/aspbnnkmso

/usr/bin/aspbnnkmso whoami 4554

/usr/bin/aspbnnkmso

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/aspbnnkmso

/usr/bin/aspbnnkmso "route -n" 4554

/usr/bin/aspbnnkmso

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/aspbnnkmso

/usr/bin/aspbnnkmso bash 4554

/usr/bin/aspbnnkmso

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/aspbnnkmso

/usr/bin/aspbnnkmso sh 4554

/usr/bin/aspbnnkmso

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/lgnmbyzzlq

/usr/bin/lgnmbyzzlq bash 4554

/usr/bin/lgnmbyzzlq

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/lgnmbyzzlq

/usr/bin/lgnmbyzzlq "sleep 1" 4554

/usr/bin/lgnmbyzzlq

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/lgnmbyzzlq

/usr/bin/lgnmbyzzlq "ps -ef" 4554

/usr/bin/lgnmbyzzlq

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/lgnmbyzzlq

/usr/bin/lgnmbyzzlq bash 4554

/usr/bin/lgnmbyzzlq

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/lgnmbyzzlq

/usr/bin/lgnmbyzzlq ifconfig 4554

/usr/bin/lgnmbyzzlq

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/nyavevzqtw

/usr/bin/nyavevzqtw "netstat -antop" 4554

/usr/bin/nyavevzqtw

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/nyavevzqtw

/usr/bin/nyavevzqtw "cat resolv.conf" 4554

/usr/bin/nyavevzqtw

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/nyavevzqtw

/usr/bin/nyavevzqtw "ls -la" 4554

/usr/bin/nyavevzqtw

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/nyavevzqtw

/usr/bin/nyavevzqtw "ifconfig eth0" 4554

/usr/bin/nyavevzqtw

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/nyavevzqtw

/usr/bin/nyavevzqtw "echo \"find\"" 4554

/usr/bin/nyavevzqtw

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/tstbdpivhl

/usr/bin/tstbdpivhl "echo \"find\"" 4554

/usr/bin/tstbdpivhl

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/tstbdpivhl

/usr/bin/tstbdpivhl "netstat -antop" 4554

/usr/bin/tstbdpivhl

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/tstbdpivhl

/usr/bin/tstbdpivhl "netstat -antop" 4554

/usr/bin/tstbdpivhl

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/tstbdpivhl

/usr/bin/tstbdpivhl "ifconfig eth0" 4554

/usr/bin/tstbdpivhl

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/tstbdpivhl

/usr/bin/tstbdpivhl uptime 4554

/usr/bin/tstbdpivhl

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/lndoiatrux

/usr/bin/lndoiatrux pwd 4554

/usr/bin/lndoiatrux

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/lndoiatrux

/usr/bin/lndoiatrux id 4554

/usr/bin/lndoiatrux

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/lndoiatrux

/usr/bin/lndoiatrux id 4554

/usr/bin/lndoiatrux

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/lndoiatrux

/usr/bin/lndoiatrux "cd /etc" 4554

/usr/bin/lndoiatrux

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/lndoiatrux

/usr/bin/lndoiatrux "grep \"A\"" 4554

/usr/bin/lndoiatrux

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/nefhkhnwwh

/usr/bin/nefhkhnwwh whoami 4554

/usr/bin/nefhkhnwwh

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/nefhkhnwwh

/usr/bin/nefhkhnwwh bash 4554

/usr/bin/nefhkhnwwh

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/nefhkhnwwh

/usr/bin/nefhkhnwwh id 4554

/usr/bin/nefhkhnwwh

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/nefhkhnwwh

/usr/bin/nefhkhnwwh uptime 4554

/usr/bin/nefhkhnwwh

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/nefhkhnwwh

/usr/bin/nefhkhnwwh top 4554

/usr/bin/nefhkhnwwh

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/bjhmdsecwa

/usr/bin/bjhmdsecwa pwd 4554

/usr/bin/bjhmdsecwa

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/bjhmdsecwa

/usr/bin/bjhmdsecwa ifconfig 4554

/usr/bin/bjhmdsecwa

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/bjhmdsecwa

/usr/bin/bjhmdsecwa "ifconfig eth0" 4554

/usr/bin/bjhmdsecwa

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/bjhmdsecwa

/usr/bin/bjhmdsecwa whoami 4554

/usr/bin/bjhmdsecwa

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/bjhmdsecwa

/usr/bin/bjhmdsecwa "route -n" 4554

/usr/bin/bjhmdsecwa

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/otvvhyamws

/usr/bin/otvvhyamws pwd 4554

/usr/bin/otvvhyamws

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/otvvhyamws

/usr/bin/otvvhyamws pwd 4554

/usr/bin/otvvhyamws

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/otvvhyamws

/usr/bin/otvvhyamws ifconfig 4554

/usr/bin/otvvhyamws

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/otvvhyamws

/usr/bin/otvvhyamws uptime 4554

/usr/bin/otvvhyamws

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/otvvhyamws

/usr/bin/otvvhyamws pwd 4554

/usr/bin/otvvhyamws

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/aysistkyqn

/usr/bin/aysistkyqn top 4554

/usr/bin/aysistkyqn

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/aysistkyqn

/usr/bin/aysistkyqn who 4554

/usr/bin/aysistkyqn

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/aysistkyqn

/usr/bin/aysistkyqn id 4554

/usr/bin/aysistkyqn

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/aysistkyqn

/usr/bin/aysistkyqn uptime 4554

/usr/bin/aysistkyqn

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/aysistkyqn

/usr/bin/aysistkyqn "route -n" 4554

/usr/bin/aysistkyqn

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/flwslywqdx

/usr/bin/flwslywqdx uptime 4554

/usr/bin/flwslywqdx

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/flwslywqdx

/usr/bin/flwslywqdx "echo \"find\"" 4554

/usr/bin/flwslywqdx

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/flwslywqdx

/usr/bin/flwslywqdx "echo \"find\"" 4554

/usr/bin/flwslywqdx

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/flwslywqdx

/usr/bin/flwslywqdx bash 4554

/usr/bin/flwslywqdx

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/flwslywqdx

/usr/bin/flwslywqdx ls 4554

/usr/bin/flwslywqdx

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/neofzderab

/usr/bin/neofzderab gnome-terminal 4554

/usr/bin/neofzderab

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/neofzderab

/usr/bin/neofzderab "cat resolv.conf" 4554

/usr/bin/neofzderab

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/neofzderab

/usr/bin/neofzderab "grep \"A\"" 4554

/usr/bin/neofzderab

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/neofzderab

/usr/bin/neofzderab "route -n" 4554

/usr/bin/neofzderab

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/neofzderab

/usr/bin/neofzderab uptime 4554

/usr/bin/neofzderab

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/yxfexdyggl

/usr/bin/yxfexdyggl bash 4554

/usr/bin/yxfexdyggl

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/yxfexdyggl

/usr/bin/yxfexdyggl "ls -la" 4554

/usr/bin/yxfexdyggl

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/yxfexdyggl

/usr/bin/yxfexdyggl "ps -ef" 4554

/usr/bin/yxfexdyggl

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/yxfexdyggl

/usr/bin/yxfexdyggl whoami 4554

/usr/bin/yxfexdyggl

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/yxfexdyggl

/usr/bin/yxfexdyggl ls 4554

/usr/bin/yxfexdyggl

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/taocfwkdjv

/usr/bin/taocfwkdjv sh 4554

/usr/bin/taocfwkdjv

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/taocfwkdjv

/usr/bin/taocfwkdjv "ls -la" 4554

/usr/bin/taocfwkdjv

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/taocfwkdjv

/usr/bin/taocfwkdjv "netstat -antop" 4554

/usr/bin/taocfwkdjv

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/taocfwkdjv

/usr/bin/taocfwkdjv whoami 4554

/usr/bin/taocfwkdjv

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/taocfwkdjv

/usr/bin/taocfwkdjv "netstat -an" 4554

/usr/bin/taocfwkdjv

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vhplhrsffz

/usr/bin/vhplhrsffz "netstat -an" 4554

/usr/bin/vhplhrsffz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vhplhrsffz

/usr/bin/vhplhrsffz id 4554

/usr/bin/vhplhrsffz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vhplhrsffz

/usr/bin/vhplhrsffz "ps -ef" 4554

/usr/bin/vhplhrsffz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vhplhrsffz

/usr/bin/vhplhrsffz whoami 4554

/usr/bin/vhplhrsffz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vhplhrsffz

/usr/bin/vhplhrsffz "netstat -an" 4554

/usr/bin/vhplhrsffz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vdaqfdcrtx

/usr/bin/vdaqfdcrtx "cd /etc" 4554

/usr/bin/vdaqfdcrtx

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vdaqfdcrtx

/usr/bin/vdaqfdcrtx id 4554

/usr/bin/vdaqfdcrtx

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vdaqfdcrtx

/usr/bin/vdaqfdcrtx top 4554

/usr/bin/vdaqfdcrtx

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vdaqfdcrtx

/usr/bin/vdaqfdcrtx whoami 4554

/usr/bin/vdaqfdcrtx

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vdaqfdcrtx

/usr/bin/vdaqfdcrtx sh 4554

/usr/bin/vdaqfdcrtx

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vyvijtmtnz

/usr/bin/vyvijtmtnz "ifconfig eth0" 4554

/usr/bin/vyvijtmtnz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vyvijtmtnz

/usr/bin/vyvijtmtnz bash 4554

/usr/bin/vyvijtmtnz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vyvijtmtnz

/usr/bin/vyvijtmtnz "netstat -antop" 4554

/usr/bin/vyvijtmtnz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vyvijtmtnz

/usr/bin/vyvijtmtnz "ifconfig eth0" 4554

/usr/bin/vyvijtmtnz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vyvijtmtnz

/usr/bin/vyvijtmtnz "ifconfig eth0" 4554

/usr/bin/vyvijtmtnz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vggdimllrz

/usr/bin/vggdimllrz who 4554

/usr/bin/vggdimllrz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vggdimllrz

/usr/bin/vggdimllrz "sleep 1" 4554

/usr/bin/vggdimllrz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vggdimllrz

/usr/bin/vggdimllrz sh 4554

/usr/bin/vggdimllrz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vggdimllrz

/usr/bin/vggdimllrz bash 4554

/usr/bin/vggdimllrz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/vggdimllrz

/usr/bin/vggdimllrz "grep \"A\"" 4554

/usr/bin/vggdimllrz

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/dowmukqhnk

/usr/bin/dowmukqhnk ifconfig 4554

/usr/bin/dowmukqhnk

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/dowmukqhnk

/usr/bin/dowmukqhnk ls 4554

/usr/bin/dowmukqhnk

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/dowmukqhnk

/usr/bin/dowmukqhnk "ps -ef" 4554

/usr/bin/dowmukqhnk

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/dowmukqhnk

/usr/bin/dowmukqhnk "sleep 1" 4554

/usr/bin/dowmukqhnk

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/dowmukqhnk

/usr/bin/dowmukqhnk ls 4554

/usr/bin/dowmukqhnk

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ejrpibbjio

/usr/bin/ejrpibbjio "echo \"find\"" 4554

/usr/bin/ejrpibbjio

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ejrpibbjio

/usr/bin/ejrpibbjio "cd /etc" 4554

/usr/bin/ejrpibbjio

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ejrpibbjio

/usr/bin/ejrpibbjio "grep \"A\"" 4554

/usr/bin/ejrpibbjio

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ejrpibbjio

/usr/bin/ejrpibbjio "ls -la" 4554

/usr/bin/ejrpibbjio

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ejrpibbjio

/usr/bin/ejrpibbjio "sleep 1" 4554

/usr/bin/ejrpibbjio

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ztfvwcbmzm

/usr/bin/ztfvwcbmzm "echo \"find\"" 4554

/usr/bin/ztfvwcbmzm

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ztfvwcbmzm

/usr/bin/ztfvwcbmzm whoami 4554

/usr/bin/ztfvwcbmzm

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ztfvwcbmzm

/usr/bin/ztfvwcbmzm gnome-terminal 4554

/usr/bin/ztfvwcbmzm

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ztfvwcbmzm

/usr/bin/ztfvwcbmzm sh 4554

/usr/bin/ztfvwcbmzm

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/ztfvwcbmzm

/usr/bin/ztfvwcbmzm sh 4554

/usr/bin/ztfvwcbmzm

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/getzgxvgyl

/usr/bin/getzgxvgyl "cat resolv.conf" 4554

/usr/bin/getzgxvgyl

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/getzgxvgyl

/usr/bin/getzgxvgyl "echo \"find\"" 4554

/usr/bin/getzgxvgyl

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/getzgxvgyl

/usr/bin/getzgxvgyl "ls -la" 4554

/usr/bin/getzgxvgyl

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/getzgxvgyl

/usr/bin/getzgxvgyl gnome-terminal 4554

/usr/bin/getzgxvgyl

n/a

/tmp/4ljhdTTyiA

n/a

/tmp/4ljhdTTyiA

n/a

/usr/bin/getzgxvgyl

/usr/bin/getzgxvgyl "netstat -antop" 4554

/usr/bin/getzgxvgyl

n/a

There are 605 hidden processes, click here to show them.

URLs

Name

Malicious

http://aaa.dsaj2a.org/config.rar

23.253.46.64

Details

Name:	http://aaa.dsaj2a.org/config.rar
IP:	23.253.46.64
TargetID:	-1
From Memory:	false
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)	Networking
IP address seen in connection with other malware	Networking
URLs found in memory or binary data	Networking

http://www.gnu.org/software/libc/bugs.html

unknown

Details

Name:	http://www.gnu.org/software/libc/bugs.html
TargetID:	17745
From Memory:	true
Source:	4ljhdTTyiA, 4551.1.0000000008048000.00000000080cf000.r-x.sdmp
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

http://aaa.dsaj2a.org/config.rar7.com:53

unknown

Details

Name:	http://aaa.dsaj2a.org/config.rar7.com:53
TargetID:	17745
From Memory:	true
Source:	4ljhdTTyiA, 4551.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 4555.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 4655.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 4713.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 4768.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 4823.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 4878.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 4933.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 4988.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 5043.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 5100.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 5155.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 5210.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 5265.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 5320.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 5375.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 5430.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 5485.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp, 4ljhdTTyiA, 5540.1.00000000ff9cc000.00000000ff9ed000.rw-.sdmp

Signature Hits	Behavior Group	Mitre Attack
URLs found in memory or binary data	Networking

Domains

Name

Malicious

aaa.dsaj2a.org

23.253.46.64

Details

Name:	aaa.dsaj2a.org
IP:	23.253.46.64
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

ww.dnstells.com

204.11.56.48

Details

Name:	ww.dnstells.com
IP:	204.11.56.48
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for domain / URL	AV Detection
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)	Networking
Detected non-DNS traffic on DNS port	Networking

ww.gzcfr5axf6.com

104.161.25.33

Details

Name:	ww.gzcfr5axf6.com
IP:	104.161.25.33
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)	Networking
Detected non-DNS traffic on DNS port	Networking

ww.gzcfr5axf7.com

unknown

IPs

Domain

Country

Malicious

23.253.46.64

aaa.dsaj2a.org

United States

Details

IP:	23.253.46.64
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	19994
ASN name:	RACKSPACEUS
Private:	false
Domain:	aaa.dsaj2a.org

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)	Networking

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs