IOC Report


Files

File Path
Type
Category
Malicious
apL.mips-20220121-0317
ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
initial sample
malicious
/run/systemd/resolve/stub-resolv.conf
ASCII text
dropped
/tmp/qemu-open.JEqahA (deleted)
ASCII text
dropped

Processes

Path
Cmdline
Malicious
/tmp/apL.mips-20220121-0317
/tmp/apL.mips-20220121-0317
/tmp/apL.mips-20220121-0317
n/a
/tmp/apL.mips-20220121-0317
n/a
/tmp/apL.mips-20220121-0317
n/a
/tmp/apL.mips-20220121-0317
n/a
/bin/sh
sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/*"
/bin/sh
n/a
/usr/bin/rm
rm -rf /tmp/apL.mips-20220121-0317 /tmp/config-err-dHT8bZ /tmp/dmesgtail.log /tmp/snap.lxd /tmp/ssh-hOQ5FjG2iVgO /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-c4RYFi /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-gKIF8e /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-gB0a9f /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-APWnLg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-IofUpj /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-AfPZzg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-x0xO0i /tmp/tmp.qtPPbjdkIb /tmp/tmp.tvSNtKHMtv /tmp/tmp.xTL7lOZ5v5 /tmp/vmware-root_721-4290559889 /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mlocate.daily.lock /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/unattended-upgrades.lock /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-J6Q1Te 
/var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-srP90f /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-biJ0Gi /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-1jIxdj /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-llmWag /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-X16eHh /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-GpSnaf
/tmp/apL.mips-20220121-0317
n/a
/bin/sh
sh -c "rm -rf /var/log/wtmp"
/bin/sh
n/a
/usr/bin/rm
rm -rf /var/log/wtmp
/tmp/apL.mips-20220121-0317
n/a
/bin/sh
sh -c "rm -rf /tmp/*"
/bin/sh
n/a
/usr/bin/rm
rm -rf /tmp/*
/tmp/apL.mips-20220121-0317
n/a
/bin/sh
sh -c "rm -rf /bin/netstat"
/bin/sh
n/a
/usr/bin/rm
rm -rf /bin/netstat
/tmp/apL.mips-20220121-0317
n/a
/bin/sh
sh -c "iptables -F"
/bin/sh
n/a
/usr/sbin/iptables
iptables -F
/tmp/apL.mips-20220121-0317
n/a
/bin/sh
sh -c "pkill -9 busybox"
/bin/sh
n/a
/usr/bin/pkill
pkill -9 busybox
/tmp/apL.mips-20220121-0317
n/a
/bin/sh
sh -c "pkill -9 perl"
/bin/sh
n/a
/usr/bin/pkill
pkill -9 perl
/tmp/apL.mips-20220121-0317
n/a
/bin/sh
sh -c "pkill -9 python"
/bin/sh
n/a
/usr/bin/pkill
pkill -9 python
/tmp/apL.mips-20220121-0317
n/a
/bin/sh
sh -c "service iptables stop"
/bin/sh
n/a
/usr/sbin/service
service iptables stop
/usr/sbin/service
n/a
/usr/bin/basename
basename /usr/sbin/service
/usr/sbin/service
n/a
/usr/bin/basename
basename /usr/sbin/service
/usr/sbin/service
n/a
/usr/bin/systemctl
systemctl --quiet is-active multi-user.target
/usr/sbin/service
n/a
/usr/sbin/service
n/a
/usr/bin/systemctl
systemctl list-unit-files --full --type=socket
/usr/sbin/service
n/a
/usr/bin/sed
sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
/usr/bin/systemctl
systemctl stop iptables.service
/tmp/apL.mips-20220121-0317
n/a
/bin/sh
sh -c "/sbin/iptables -F; /sbin/iptables -X"
/bin/sh
n/a
/sbin/iptables
/sbin/iptables -F
/bin/sh
n/a
/sbin/iptables
/sbin/iptables -X
/tmp/apL.mips-20220121-0317
n/a
/bin/sh
sh -c "service firewalld stop"
/bin/sh
n/a
/usr/sbin/service
service firewalld stop
/usr/sbin/service
n/a
/usr/bin/basename
basename /usr/sbin/service
/usr/sbin/service
n/a
/usr/bin/basename
basename /usr/sbin/service
/usr/sbin/service
n/a
/usr/bin/systemctl
systemctl --quiet is-active multi-user.target
/usr/sbin/service
n/a
/usr/sbin/service
n/a
/usr/bin/systemctl
systemctl list-unit-files --full --type=socket
/usr/sbin/service
n/a
/usr/bin/sed
sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
/usr/bin/systemctl
systemctl stop firewalld.service
/tmp/apL.mips-20220121-0317
n/a
/bin/sh
sh -c "rm -rf ~/.bash_history"
/bin/sh
n/a
/usr/bin/rm
rm -rf /root/.bash_history
/tmp/apL.mips-20220121-0317
n/a
/bin/sh
sh -c "history -c"
/usr/bin/dash
n/a
/usr/bin/cat
cat /tmp/tmp.qtPPbjdkIb
/usr/bin/dash
n/a
/usr/bin/head
head -n 10
/usr/bin/dash
n/a
/usr/bin/tr
tr -d \\000-\\011\\013\\014\\016-\\037
/usr/bin/dash
n/a
/usr/bin/cut
cut -c -80
/usr/bin/dash
n/a
/usr/bin/cat
cat /tmp/tmp.qtPPbjdkIb
/usr/bin/dash
n/a
/usr/bin/head
head -n 10
/usr/bin/dash
n/a
/usr/bin/tr
tr -d \\000-\\011\\013\\014\\016-\\037
/usr/bin/dash
n/a
/usr/bin/cut
cut -c -80
/usr/bin/dash
n/a
/usr/bin/rm
rm -f /tmp/tmp.qtPPbjdkIb /tmp/tmp.tvSNtKHMtv /tmp/tmp.xTL7lOZ5v5

URLs

Name
IP
Malicious
http://upx.sf.net
unknown

IPs

IP
Domain
Country
Malicious
54.171.230.55
unknown
United States
123.178.234.190
unknown
China
36.65.75.239
unknown
Indonesia
192.236.160.175
unknown
United States
109.202.202.202
unknown
Switzerland
123.17.44.158
unknown
Viet Nam
91.189.91.43
unknown
United Kingdom
60.220.215.198
unknown
China
91.189.91.42
unknown
United Kingdom