Technical Information
Malicious functions:
Removes itself
Substitutes application name for:
- [procManager]
Network activity:
Establishes connection:
- 8.#.8.8:53
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Connects to the following servers over the IRC protocol:
- Server: 18#.#44.25.177; Command: NICK [SEIZE|x86_32]GKTWY\nUSER vamp localhost localhost :kebs4head\n
- Server: 18#.#44.25.177; Command: PONG :6A724D2E\n
- Server: 18#.#44.25.177; Command: MODE GKTWY -xi\n
- Server: 18#.#44.25.177; Command: JOIN ##flamebotnet :\n
- Server: 18#.#44.25.177; Command: WHO GKTWY\n
Sends data to the following servers:
- 92.##.102.217:23
- 15#.#6.54.16:23
- 35.###.36.217:23
- 81.##.217.141:23
- 23.##3.4.111:23
- 99.##.247.151:23
- 46.##.0.63:23
- 12#.##7.126.144:23
- 10#.##9.154.111:23