マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Linux.Packed.764

Added to the Dr.Web virus database: 2020-03-25

Virus description added:

Technical Information

Malicious functions:
Gets access to SSH keys
  • /root/.ssh/authorized_keys
Launches processes:
  • /usr/bin/getconf CLK_TCK
  • <SAMPLE_FULL_PATH>
  • /usr/bin/lsb_release
Kills the following processes:
  • /usr/bin/lsb_release
Performs operations with the file system:
Creates folders:
  • <SAMPLE_FULL_PATH>.d
  • /root/.ssh
Creates or modifies files:
  • <SAMPLE_FULL_PATH>.d/5015.db
Network activity:
Establishes connection:
  • 12#.##.243.182:1429
  • 47.###.17.224:35370
  • 22#.#.5.5:53
  • 1.#.1.1:53
  • 20#.##.222.222:443
  • 8.#.8.8:53
  • 11#.#9.29.29:53
  • 47.##.103.7:36500
  • 21#.#39.38.21:9
  • 21#.#39.32.21:9
  • 21#.#39.34.21:9
  • 21#.#39.36.21:9
  • 10#.#0.17.242:9
  • 10#.#0.16.242:9
  • 52.###.161.135:9
  • 18.##3.90.151:9
  • [2#######0:c000:1000::501]:9
  • 52.#.197.231:9
  • 47.###.30.15:38582
  • 66.###.248.178:9
  • 2.##.194.136:9
  • 23.##3.4.64:9
  • 23.##3.4.32:9
  • 34.##6.80.17:9
  • 34.###.132.204:9
  • 52.##6.178.1:9
  • 18.###.112.207:9
  • 18.###.132.216:9
  • 34.###.250.175:9
  • 34.###.181.158:9
  • 2.##.194.153:9
  • 34.##7.12.81:9
  • 19#.##9.78.15:44609
  • 2.##.81.201:9
  • 2.##.81.218:9
  • 21#.###.40.228:39296
  • 10#.##.77.117:46713
  • 11#.##.29.95:44282
  • 10#.##.42.87:55109
  • 61.###.29.136:41938
  • 47.###.191.224:42513
  • 59.##.175.136:51873
  • 12#.##4.81.32:52793
  • 2.##.242.243:9
  • 2.##.242.202:9
  • 10#.##.76.155:35411
  • 47.##.26.2:50775
  • 47.##.156.148:44343
  • 12#.###.109.108:36461
  • 16#.##.111.110:43371
  • 11#.###.129.150:33979
  • 12#.###.143.67:36053
  • 18#.##.148.233:39174
  • 49.###.105.183:42826
  • 10#.##.76.155:41359
HTTP GET requests:
  • ip##.#canhazip.com/
  • ip####.net/plain
  • v4.##ent.me/
  • ch#####.amazonaws.com/
  • ip###o.io/ip
  • bo#.####ismyipaddress.com/
  • wh#####yip.akamai.com/
  • sr#.##tnu.com/jobs
DNS ASK:
  • ip##fo.io
  • ip##ho.net
  • ip##.#canhazip.com
  • ch#####.amazonaws.com
  • v4.#dent.me
  • bo#.####ismyipaddress.com
  • wh#####yip.akamai.com
Sends data to the following servers:
  • 20#.##.222.222:443
  • 1.#.1.1:53
  • 12#.##4.81.32:52793
Receives data from the following servers:
  • 20#.##.222.222:443
  • 1.#.1.1:53
  • 12#.##4.81.32:52793
Other:
Collects CPU information
Collects RAM information
Collects information about network activity

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number