IOC Report
QSZX0h5asQ


Processes

Path | Cmdline | Malicious
/tmp/QSZX0h5asQ | /tmp/QSZX0h5asQ |
/tmp/QSZX0h5asQ | n/a |
/tmp/QSZX0h5asQ | n/a |
/tmp/QSZX0h5asQ | n/a |
/tmp/QSZX0h5asQ | n/a |
/bin/sh | sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/*" |
/bin/sh | n/a |
/usr/bin/rm | rm -rf /tmp/QSZX0h5asQ /tmp/config-err-dHT8bZ /tmp/dmesgtail.log /tmp/hsperfdata_root /tmp/snap.lxd /tmp/ssh-hOQ5FjG2iVgO /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-c4RYFi /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-gKIF8e /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-gB0a9f /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-APWnLg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-IofUpj /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-AfPZzg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-x0xO0i /tmp/vmware-root_721-4290559889 /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mlocate.daily.lock /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/unattended-upgrades.lock /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-J6Q1Te /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-srP90f /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-biJ0Gi /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-1jIxdj /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-llmWag /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-X16eHh /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-GpSnaf |
/tmp/QSZX0h5asQ | n/a |
/bin/sh | sh -c "rm -rf /var/log/wtmp" |
/bin/sh | n/a |
/usr/bin/rm | rm -rf /var/log/wtmp |
/tmp/QSZX0h5asQ | n/a |
/bin/sh | sh -c "rm -rf /tmp/*" |
/bin/sh | n/a |
/usr/bin/rm | rm -rf /tmp/* |
/tmp/QSZX0h5asQ | n/a |
/bin/sh | sh -c "rm -rf /bin/netstat" |
/bin/sh | n/a |
/usr/bin/rm | rm -rf /bin/netstat |
/tmp/QSZX0h5asQ | n/a |
/bin/sh | sh -c "pkill -9 busybox" |
/bin/sh | n/a |
/usr/bin/pkill | pkill -9 busybox |
/tmp/QSZX0h5asQ | n/a |
/bin/sh | sh -c "pkill -9 perl" |
/bin/sh | n/a |
/usr/bin/pkill | pkill -9 perl |
/tmp/QSZX0h5asQ | n/a |
/bin/sh | sh -c "pkill -9 python" |
/bin/sh | n/a |
/usr/bin/pkill | pkill -9 python |
/tmp/QSZX0h5asQ | n/a |
/bin/sh | sh -c "iptables -A INPUT -j DROP" |
/bin/sh | n/a |
/usr/sbin/iptables | iptables -A INPUT -j DROP |

URLs

Name | IP | Malicious
http://upx.sf.net | unknown |

IPs

IP | Domain | Country | Malicious
172.245.210.119 | unknown | United States |
109.202.202.202 | unknown | Switzerland |
91.189.91.43 | unknown | United Kingdom |
91.189.91.42 | unknown | United Kingdom |