IOC Report

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| `beamer.arm7-20211202-2350` | ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped | initial sample | malicious |
| `/var/cache/man/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/cs/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/cs/index.db.wk1uiv` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/da/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/da/index.db.qgrMjv` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/de/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/de/index.db.ACgHvu` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/es/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/es/index.db.zeaUEt` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/fi/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/fi/index.db.Kk2dlr` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/fr.ISO8859-1/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/fr.ISO8859-1/index.db.ZPE3Gu` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/fr.UTF-8/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/fr.UTF-8/index.db.TuXJtt` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/fr/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/fr/index.db.fr0jJr` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/hu/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/hu/index.db.Pzf5Ps` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/id/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/id/index.db.dAjxbr` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/index.db.Ik5ltt` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/it/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/it/index.db.GwIJZt` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/ja/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/ja/index.db.buwzVt` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/ko/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/ko/index.db.XuJJss` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/nl/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/nl/index.db.q5ppiu` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/pl/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/pl/index.db.Rl79ou` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/pt/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/pt/index.db.J5jb1u` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/pt_BR/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/pt_BR/index.db.OCpg1s` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/ru/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/ru/index.db.MHfKPq` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/sl/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/sl/index.db.9uldJs` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/sr/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/sr/index.db.DPUSSr` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/sv/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/sv/index.db.UTTpjv` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/tr/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/tr/index.db.1ku4gr` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/zh_CN/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/zh_CN/index.db.cSGWjt` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/zh_TW/5267` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/cache/man/zh_TW/index.db.8bdRas` | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| `/var/lib/logrotate/status.tmp` | ASCII text | dropped | clean |
| `/var/log/cups/access_log.1.gz` | gzip compressed data, last modified: Thu Dec 2 23:56:56 2021, from Unix | dropped | clean |
| `/var/log/syslog.1.gz` | gzip compressed data, last modified: Thu Dec 2 23:56:56 2021, from Unix | dropped | clean |

44 additional files are hidden in this view.

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| `/usr/lib/systemd/systemd` | n/a | clean |
| `/usr/sbin/logrotate` | `/usr/sbin/logrotate /etc/logrotate.conf` | clean |
| `/usr/sbin/logrotate` | n/a | clean |
| `/bin/gzip` | `/bin/gzip` | clean |
| `/usr/sbin/logrotate` | n/a | clean |
| `/bin/sh` | `sh -c "\n\t\tinvoke-rc.d --quiet cups restart > /dev/null\n" logrotate_script "/var/log/cups/*log "` | clean |
| `/bin/sh` | n/a | clean |
| `/usr/sbin/invoke-rc.d` | `invoke-rc.d --quiet cups restart` | clean |
| `/usr/sbin/invoke-rc.d` | n/a | clean |
| `/sbin/runlevel` | `/sbin/runlevel` | clean |
| `/usr/sbin/invoke-rc.d` | n/a | clean |
| `/usr/bin/systemctl` | `systemctl --quiet is-enabled cups.service` | clean |
| `/usr/sbin/invoke-rc.d` | n/a | clean |
| `/usr/bin/ls` | `ls /etc/rc[S2345].d/S[0-9][0-9]cups` | clean |
| `/usr/sbin/invoke-rc.d` | n/a | clean |
| `/usr/bin/systemctl` | `systemctl --quiet is-active cups.service` | clean |
| `/usr/sbin/logrotate` | n/a | clean |
| `/bin/gzip` | `/bin/gzip` | clean |
| `/usr/sbin/logrotate` | n/a | clean |
| `/bin/sh` | `sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslog` | clean |
| `/bin/sh` | n/a | clean |
| `/usr/lib/rsyslog/rsyslog-rotate` | `/usr/lib/rsyslog/rsyslog-rotate` | clean |
| `/usr/lib/rsyslog/rsyslog-rotate` | n/a | clean |
| `/usr/bin/systemctl` | `systemctl kill -s HUP rsyslog.service` | clean |
| `/usr/lib/systemd/systemd` | n/a | clean |
| `/usr/bin/install` | `/usr/bin/install -d -o man -g man -m 0755 /var/cache/man` | clean |
| `/usr/lib/systemd/systemd` | n/a | clean |
| `/usr/bin/find` | `/usr/bin/find /var/cache/man -type f -name *.gz -atime +6 -delete` | clean |
| `/usr/lib/systemd/systemd` | n/a | clean |
| `/usr/bin/mandb` | `/usr/bin/mandb --quiet` | clean |
| `/tmp/beamer.arm7-20211202-2350` | `/tmp/beamer.arm7-20211202-2350` | clean |
| `/tmp/beamer.arm7-20211202-2350` | n/a | clean |
| `/tmp/beamer.arm7-20211202-2350` | n/a | clean |
| `/tmp/beamer.arm7-20211202-2350` | n/a | clean |

24 additional processes are hidden in this view.

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 45.134.225.20 | unknown | Germany | clean |
| 109.202.202.202 | unknown | Switzerland | clean |
| 91.189.91.43 | unknown | United Kingdom | clean |
| 91.189.91.42 | unknown | United Kingdom | clean |