Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
- SumFGYvOXHIs6VQtYsNnraLbcgXg
Network activity:
Awaits incoming connections on ports:
- 0.0.0.0:23
- 0.0.0.0:22
- 0.0.0.0:443
- 0.0.0.0:81
- 0.0.0.0:8080
Establishes connection:
- 8.#.8.8:53
- 80.###.97.49:18321
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 10#.##.249.151:23
- 15#.#44.23.5:23
- 12#.##.237.253:23
- 57.###.149.42:23
- 73.##.35.136:23
- 19#.##0.113.127:23
- 96.###.107.72:23
- 86.###.101.140:23
- 81.###.31.114:23
- 11#.##2.158.35:23
- 15#.##2.2.177:23
- 19#.#3.26.25:23
- 18#.#61.0.11:23
- 38.###.240.38:23
- 15#.##.31.175:23
- 11#.##3.72.55:23
- 20#.##2.123.141:23
- 14#.##2.15.233:23
- 16#.##0.183.234:23
- 16#.##5.2.148:23
- 15#.##6.136.90:23
- 74.#.199.73:23
- 24.##.34.143:23
- 12#.##4.231.250:23
- 90.###.136.115:23
- 46.###.202.38:23
- 10#.##8.254.149:23
- 93.##9.32.94:23
- 17#.##.226.49:23
- 17#.##.102.36:23
- 18#.##.63.220:23
- 13.##.254.11:23
- 17#.##7.96.22:23
- 59.###.124.187:23
- 82.##.1.56:23
- 34.##.119.97:23
- 20.##.155.218:23
- 19#.##.22.145:23
- 45.###.37.126:23
- 16#.##0.115.43:23
- 15#.##.139.170:23
- 18#.##7.16.210:23
- 20#.##.21.126:23
- 15#.##.65.248:23
- 97.##.133.116:23
- 12#.##.244.156:23
- 13#.##.241.66:23
- 34.##5.56.96:23
- 19#.#9.22.72:23
- 14#.##.53.225:23
- 36.###.246.97:23
- 83.###.198.80:23
- 19#.##8.77.45:23
- 69.##.189.182:23
- 84.###.31.178:23
- 16#.##.208.170:23
- 58.###.252.85:23
- 69.##.50.81:23
- 18#.##9.84.75:23
- 16#.#.105.43:23
- 18#.##5.96.114:23
- 12#.##0.125.152:23
- 18#.##.193.69:23
- 54.#.49.66:23
- 65.###.66.186:23
- 20#.##6.188.42:23
- 84.#.178.173:23
- 79.##.234.88:23
- 20#.##1.33.222:23
- 34.##.34.21:23
- 41.###.158.64:23
- 67.###.247.145:23
- 11#.##3.101.239:23
- 70.##.75.105:23
- 18#.##8.223.99:23
- 41.##.136.187:23
- 81.##.28.200:23
- 79.##.141.99:23
- 8.###.175.61:23
- 11#.##1.8.112:23
- 15#.##6.36.86:23
- 19#.##.36.231:23
- 21#.##0.172.175:23
- 19#.##2.25.172:23
- 19#.##1.60.65:23
- 18#.##.100.13:23
- 65.##.44.43:23
- 21#.##.90.151:23
- 19#.##.185.251:23
- 14#.#.132.122:23
- 75.##.226.198:23
- 18#.##3.146.92:23
- 95.###.102.171:23
- 14#.##7.170.205:23
- 92.###.189.59:23
- 66.###.130.162:23
- 15#.##.215.199:23
- 20.##.2.178:23
- 12#.##.140.23:23
- 4.###.138.120:23
- 14#.#4.56.4:23
- 16#.#5.60.38:23
- 11#.##2.223.50:23
- 19.###.223.95:23
- 27.###.145.194:23
- 19#.##9.207.182:23
- 54.#.189.251:23
- 71.###.191.170:23
- 15#.##.19.161:23
- 35.##9.60.58:23
- 31.###.47.144:23
- 14#.##1.134.16:23
- 19#.##8.124.149:23
- 18#.##5.131.45:23
- 21#.#7.73.33:23
- 17#.##5.71.140:23
- 20#.##5.18.199:23
- 17.##.49.188:23
- 15#.##8.177.148:23
- 46.##.210.44:23
- 17#.##0.134.124:23
- 36.###.96.103:23
- 15#.#10.4.64:23
- 75.##.32.12:23
- 14#.##0.207.87:23
- 11#.##6.41.87:23
- 76.##.255.37:23
- 18#.##4.96.79:23
- 40.###.174.180:23
- 19#.##6.204.242:23
- 17#.##9.187.177:23
- 76.###.243.160:23
- 10#.##7.35.127:23
- 19#.##.39.186:23
- 91.###.80.210:23
- 21#.##6.28.225:23
- 15#.##2.13.186:23
- 35.###.192.177:23
- 83.##.134.44:23
- 44.###.26.173:23
- 17#.##8.150.56:23
- 10#.##2.151.52:23
- 19#.##0.216.24:23
- 20.###.70.247:23
- 16#.##5.90.58:23
- 18#.##.237.130:23
- 62.###.15.228:23
- 88.###.214.128:23
- 10#.##0.122.177:23
- 37.##.221.7:23
- 19#.##8.48.172:23
- 35.##.126.136:23
- 11#.#.153.83:23
- 16#.##.169.237:23
- 16#.##.100.209:23
- 16#.#.157.1:23
- 54.##.16.151:23
- 71.###.115.60:23
- 20#.##0.139.142:23
- 84.##9.69.69:23
- 12#.##7.98.114:23
- 11#.##.168.198:23
- 76.###.84.223:23
- 21#.##.206.56:23
- 11#.##0.107.42:23
- 77.###.196.73:23
- 21#.##1.32.163:23
- 10#.##2.238.47:23
- 13#.##3.62.53:23
- 81.###.171.123:23
- 35.###.169.68:23
- 5.##.94.169:23
- 14#.##.223.183:23
- 19#.##.197.251:23
- 20#.##3.144.74:23
- 21#.##.144.49:23
- 8.###.164.243:23
- 13#.##9.12.159:23
- 95.##6.60.0:23
- 13#.##1.169.12:23
- 15#.##1.6.184:23
- 93.###.217.26:23
- 11#.#11.77.7:23
- 19#.#.71.188:23
- 10#.##8.234.135:23
- 23.###.103.198:23
- 8.##.224.125:23
- 19#.##.198.147:23
- 10#.##.221.146:23
- 5.##.202.201:23
- 45.##.60.77:23
- 19#.##.27.102:23
- 22#.##0.173.240:23
- 44.##.56.68:23
- 94.###.41.249:23
- 10#.#1.5.196:23
- 16#.##.192.185:23
- 10#.##9.211.49:23
- 36.###.161.76:23
- 60.##.163.61:23
- 91.###.141.245:23
- 11#.##.173.125:23
- 76.###.179.60:23
- 80.##.91.117:23
- 95.##.191.232:23
- 21#.##5.91.119:23
- 93.###.78.176:23
- 14#.##2.149.17:23
- 15#.##9.114.99:23
- 15#.##8.171.255:23
- 46.##.227.132:23
- 10#.##2.25.219:23
- 5.##.85.9:23
- 15#.##.84.253:23
- 12#.##.86.196:23
- 16#.#1.18.13:23
- 19#.##0.37.233:23
- 72.##3.121.2:23
- 17#.##4.194.25:23
- 63.##.180.4:23
- 17#.##.104.248:23
- 74.###.174.221:23
- 67.##2.37.17:23
- 11#.##.155.154:23
- 47.#.43.147:23
- 45.##.99.246:23
- 16#.##1.147.155:23
- 13#.##6.102.27:23
- 10#.#8.87.3:23
- 68.##.54.9:23
- 5.###.13.213:23
- 14#.#7.168.8:23
- 15#.##.159.65:23
- 16#.##.146.245:23
- 11#.##.16.237:23
- 93.###.210.51:23
- 45.##.196.208:23
- 15#.##.62.177:23
- 16#.##2.106.122:23
- 22#.##.237.154:23
- 1.###.106.137:23
- 17.###.145.67:23
- 20#.##.172.17:23
- 18#.##.115.18:23
- 11#.##.125.146:23
- 74.###.174.42:23
- 65.##.156.14:23
- 10#.##8.83.67:23
- 57.##.12.92:23
- 10#.##3.201.18:23
- 13.###.218.176:23
- 15#.##6.117.26:23
- 19#.#.92.96:23
- 11#.##9.182.194:23
- 2.##.36.174:23
- 18#.##.64.195:23
- 81.###.89.109:23
- 14#.##.168.243:23
- 31.###.149.102:23
- 15#.##0.70.177:23
- 14#.##7.132.249:23
- 15#.##3.253.26:23
- 15#.##8.77.153:23
- 16#.##1.170.97:23
- 13#.##.248.64:23
- 32.##.58.85:23
- 13.###.177.206:23
- 18#.##3.198.72:23
- 82.###.94.166:23
- 90.##9.7.110:23
- 21#.##3.84.12:23
- 19#.##.25.253:23
- 63.###.84.114:23
- 19#.##5.49.198:23
- 17#.##8.129.49:23
- 16#.##0.233.233:23
- 14#.##6.79.52:23
- 78.###.70.150:23
- 88.##.63.126:23
- 91.###.83.196:23
- 21#.##5.221.130:23
- 18#.##8.5.158:23
- 11#.##.152.184:23
- 10#.##.117.109:23
- 11#.#.67.103:23
- 39.#.43.147:23
- 19#.#.77.127:23
- 37.##.239.43:23
Receives data from the following servers:
- 80.###.97.49:18321