IOC Report


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| TbbAwD2rFF | ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, stripped | initial sample | malicious |
| /var/cache/man/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/cs/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/cs/index.db.ZlfNLj | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/da/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/da/index.db.sZ1J7g | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/de/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/de/index.db.EXpqJj | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/es/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/es/index.db.TpFo5g | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/fi/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/fi/index.db.7peRtj | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/fr.ISO8859-1/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/fr.ISO8859-1/index.db.D3DIYh | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/fr.UTF-8/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/fr.UTF-8/index.db.Yx7RGg | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/fr/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/fr/index.db.BJ7edg | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/hu/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/hu/index.db.sHXoSi | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/id/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/id/index.db.vdaV8j | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/index.db.UKja7g | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/it/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/it/index.db.GcsYBg | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/ja/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/ja/index.db.vELFYg | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/ko/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/ko/index.db.9vbCii | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/nl/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/nl/index.db.1Otz8j | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/pl/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/pl/index.db.sAiATj | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/pt/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/pt/index.db.fJjuVg | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/pt_BR/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/pt_BR/index.db.zXneXj | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/ru/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/ru/index.db.xcURIj | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/sl/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/sl/index.db.C60XUi | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/sr/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/sr/index.db.N0CRBj | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/sv/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/sv/index.db.sPkX6g | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/tr/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/tr/index.db.0eOtsi | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/zh_CN/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/zh_CN/index.db.AdkVik | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/zh_TW/5225 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/cache/man/zh_TW/index.db.vXE6tg | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean |
| /var/lib/logrotate/status.tmp | ASCII text | dropped | clean |
| /var/log/cups/access_log.1.gz | gzip compressed data, last modified: Fri Jan 14 23:58:01 2022, from Unix | dropped | clean |
| /var/log/syslog.1.gz | gzip compressed data, last modified: Fri Jan 14 23:58:02 2022, from Unix | dropped | clean |
44 further files are not shown in this listing.

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /usr/lib/systemd/systemd | n/a | clean |
| /usr/sbin/logrotate | /usr/sbin/logrotate /etc/logrotate.conf | clean |
| /usr/sbin/logrotate | n/a | clean |
| /bin/gzip | /bin/gzip | clean |
| /usr/sbin/logrotate | n/a | clean |
| /bin/sh | sh -c "\n\t\tinvoke-rc.d --quiet cups restart > /dev/null\n" logrotate_script "/var/log/cups/*log " | clean |
| /bin/sh | n/a | clean |
| /usr/sbin/invoke-rc.d | invoke-rc.d --quiet cups restart | clean |
| /usr/sbin/invoke-rc.d | n/a | clean |
| /sbin/runlevel | /sbin/runlevel | clean |
| /usr/sbin/invoke-rc.d | n/a | clean |
| /usr/bin/systemctl | systemctl --quiet is-enabled cups.service | clean |
| /usr/sbin/invoke-rc.d | n/a | clean |
| /usr/bin/ls | ls /etc/rc[S2345].d/S[0-9][0-9]cups | clean |
| /usr/sbin/invoke-rc.d | n/a | clean |
| /usr/bin/systemctl | systemctl --quiet is-active cups.service | clean |
| /usr/sbin/logrotate | n/a | clean |
| /bin/gzip | /bin/gzip | clean |
| /usr/sbin/logrotate | n/a | clean |
| /bin/sh | sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslog | clean |
| /bin/sh | n/a | clean |
| /usr/lib/rsyslog/rsyslog-rotate | /usr/lib/rsyslog/rsyslog-rotate | clean |
| /usr/lib/rsyslog/rsyslog-rotate | n/a | clean |
| /usr/bin/systemctl | systemctl kill -s HUP rsyslog.service | clean |
| /usr/lib/systemd/systemd | n/a | clean |
| /usr/bin/install | /usr/bin/install -d -o man -g man -m 0755 /var/cache/man | clean |
| /usr/lib/systemd/systemd | n/a | clean |
| /usr/bin/find | /usr/bin/find /var/cache/man -type f -name *.gz -atime +6 -delete | clean |
| /usr/lib/systemd/systemd | n/a | clean |
| /usr/bin/mandb | /usr/bin/mandb --quiet | clean |
| /tmp/TbbAwD2rFF | /tmp/TbbAwD2rFF | clean |
| /usr/bin/dash | n/a | clean |
| /usr/bin/rm | rm -f /tmp/tmp.usZgbwIR1M /tmp/tmp.mj4Q8ra5Vb /tmp/tmp.WjKA4MytJL | clean |
23 further processes are not shown in this listing.

URLs

| Name | IP | Malicious |
|---|---|---|
| http://upx.sf.net | unknown | clean |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 34.249.145.219 | unknown | United States | clean |
| 113.102.205.192 | unknown | China | clean |
| 190.108.87.214 | unknown | Peru | clean |
| 185.94.98.38 | unknown | Iran (Islamic Republic of) | clean |
| 14.167.206.80 | unknown | Viet Nam | clean |
| 109.202.202.202 | unknown | Switzerland | clean |
| 178.219.124.78 | unknown | Poland | clean |
| 91.189.91.43 | unknown | United Kingdom | clean |
| 193.49.58.83 | unknown | France | clean |
| 91.189.91.42 | unknown | United Kingdom | clean |