Technical Information
Malicious functions:
Removes itself
Substitutes application name for:
- [procManager]
Network activity:
Establishes connection:
- 8.#.8.8:53
- 18#.##4.25.177:625
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Connects to the following servers over the IRC protocol:
- Server: 18#.#44.25.177; Command: NICK [SEIZE|x86_32]LBPNYS\nUSER vamp localhost localhost :kebs4head\n
- Server: 18#.#44.25.177; Command: PONG :5C7B7694\n
- Server: 18#.#44.25.177; Command: PONG :38186886\n
- Server: 18#.#44.25.177; Command: PONG :B42F4FA1\n
- Server: 18#.#44.25.177; Command: PONG :CD7F5ACB\n
- Server: 18#.#44.25.177; Command: PONG :B70130B5\n
- Server: 18#.#44.25.177; Command: PONG :791D422C\n
- Server: 18#.#44.25.177; Command: PONG :58C5031F\n
- Server: 18#.#44.25.177; Command: PONG :49620C02\n
- Server: 18#.#44.25.177; Command: PONG :318A728D\n
- Server: 18#.#44.25.177; Command: PONG :CE62B0B\n
- Server: 18#.#44.25.177; Command: PONG :EFA29E3B\n
- Server: 18#.#44.25.177; Command: PONG :2680B5C4\n
- Server: 18#.#44.25.177; Command: PONG :82F0C58A\n
- Server: 18#.#44.25.177; Command: PONG :6BE5E37E\n
- Server: 18#.#44.25.177; Command: PONG :E46BA320\n
- Server: 18#.#44.25.177; Command: PONG :44A77AA7\n
- Server: 18#.#44.25.177; Command: PONG :4A97617F\n
- Server: 18#.#44.25.177; Command: PONG :3B14F99C\n
- Server: 18#.#44.25.177; Command: PONG :4A645414\n
- Server: 18#.#44.25.177; Command: PONG :CCE15052\n
- Server: 18#.#44.25.177; Command: PONG :DBBE7CC1\n
- Server: 18#.#44.25.177; Command: PONG :CE2AD915\n
- Server: 18#.#44.25.177; Command: PONG :2255583C\n