IOC Report
EKXxSJDt9M

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| EKXxSJDt9M | ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped | initial sample | malicious |
| /tmp/tmp.KNItEUZoGw | UTF-8 Unicode text | dropped | |
| /tmp/tmp.prLdOPAcfV | ASCII text | dropped | |
| /var/cache/motd-news | ASCII text | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /usr/bin/python3.8 | n/a | |
| /usr/bin/uname | uname -p | |
| /usr/bin/dash | n/a | |
| /usr/bin/cut | cut -c -40 /tmp/tmp.cnYNqYQvB7 | |
| /usr/bin/dash | n/a | |
| /usr/bin/tr | tr -c -d [:alnum:] | |
| /usr/bin/dash | n/a | |
| /usr/bin/wget | wget --timeout 60 -U "wget/1.20.3-1ubuntu1 Ubuntu/20.04.2/LTS GNU/Linux/5.4.0-72-generic/x86_64 Intel(R)/Xeon(R)/Silver/4210/CPU/@/2.20GHz cloud_id/none" -O- --content-on-error https://motd.ubuntu.com | |
| /usr/bin/dash | n/a | |
| /usr/bin/cat | cat /tmp/tmp.prLdOPAcfV | |
| /usr/bin/dash | n/a | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | n/a | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | n/a | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | n/a | |
| /usr/bin/cat | cat /tmp/tmp.prLdOPAcfV | |
| /usr/bin/dash | n/a | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | n/a | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | n/a | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | n/a | |
| /usr/bin/rm | rm -f /tmp/tmp.prLdOPAcfV /tmp/tmp.KNItEUZoGw /tmp/tmp.cnYNqYQvB7 | |
| /tmp/EKXxSJDt9M | /tmp/EKXxSJDt9M | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://45.95.55.16/bins/x86 | unknown | malicious |
| http://45.95.55.16/8UsA.sh; | unknown | malicious |
| https://motd.ubuntu.com/ | unknown | |
| http://schemas.xmlsoap.org/soap/encoding/ | unknown | |
| https://ubuntu.com/blog/microk8s-memory-optimisation | unknown | |
| http://192.168.0.14:80/cgi-bin/ViewLog.asp | 94.225.64.185 | |
| http://schemas.xmlsoap.org/soap/envelope/ | unknown | |

IPs
