Linux.Packed.764
Added to the Dr.Web virus database: 2020-03-25
Virus description added: 2020-03-25
Technical Information
Malicious functions:
Gets access to SSH keys
- /root/.ssh/authorized_keys
Launches processes:
- /usr/bin/getconf CLK_TCK
- <SAMPLE_FULL_PATH>
- /usr/bin/lsb_release
Kills the following processes:
Performs operations with the file system:
Creates folders:
- <SAMPLE_FULL_PATH>.d
- /root/.ssh
Creates or modifies files:
- <SAMPLE_FULL_PATH>.d/5015.db
Network activity:
Establishes connection:
HTTP GET requests:
DNS ASK:
Sends data to the following servers:
- 20#.##.222.222:443
- 1.#.1.1:53
- 12#.##4.81.32:52793
Receives data from the following servers:
- 20#.##.222.222:443
- 1.#.1.1:53
- 12#.##4.81.32:52793
Other:
Collects CPU information
Collects RAM information
Collects information about network activity