Technical Information
Malicious functions:
Compiles a program from source codes:
- /usr/bin/gcc e.c -o e
Launches processes:
- sh -c /usr/bin/sudo -V
- /usr/bin/sudo -V
- sh -c /usr/bin/gcc e.c -o e
- /usr/bin/sudo %20$08n %*482$ %*2850$ %1073741824$ -D9 -A
- e
- /bin/sh
Performs operations with the file system:
Modifies file access rights:
- /root/e
- /root/e.sh
Creates or modifies files:
- /root/e.c
- /tmp/ccwYlXkC.s
- /tmp/ccy5U5pk.o
- /tmp/ccU8l832.res
- /tmp/cc7PKmGj.c
- /tmp/cctNXlw2.o
- /tmp/ccmwfvmL.ld
- /tmp/ccn8UYcu.le
- /root/e
- /root/e.sh
Deletes files:
- /tmp/ccmwfvmL.ld"
- /tmp/ccn8UYcu.le"
- /tmp/cc7PKmGj.c"
- /tmp/cctNXlw2.o"
- /tmp/ccU8l832.res"
- /tmp/ccy5U5pk.o"
- /tmp/ccwYlXkC.s"
- /root/e"
- /root/e.c"
- /root/e.sh"
Other:
Collects RAM information