Linux.MulDrop.18
Added to the Dr.Web virus database: 2017-07-29
Virus description added: 2017-07-29
Technical Information
Malicious functions:
Gains root privileges
Performs process tracing:
- <SAMPLE>
- <SAMPLE_FULL_PATH>
Launches processes:
- /bin/bash <SAMPLE_FULL_PATH> -c exec '<SAMPLE_FULL_PATH>' \"$@\" <SAMPLE_FULL_PATH>
- <SAMPLE_FULL_PATH>
- /bin/bash <SAMPLE_FULL_PATH> -c
- mkdir -v //key
- mkdir -v //result
- mkdir -v //hccap
- mkdir -v //reaver
- mkdir -v //besside
- grep onitor
- awk { print $1 }
- awk -F | { print $1 }
- grep -v PHY
- grep -v ^$
- awk { print $2 \" \" $3 \" \" $4 \" \" $5 \" \" $6}
- grep -B 1 monitor
- lspci
- lspci -n
- ifconfig
- fdisk -l
- dmesg
Kills the following processes:
- <SAMPLE>
- <SAMPLE_FULL_PATH>
Performs operations with the file system:
Deletes folders:
- /tmp/xtermrwvYb3
- /tmp/xtermZAxQnj
Creates or modifies files:
- /tmp/xtermrwvYb3/index.theme
- /tmp/xtermZAxQnj/index.theme
- //status.txt
- /status.txt
Deletes files:
- /tmp/xtermrwvYb3/index.theme
- /tmp/xtermZAxQnj/index.theme