Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- kdqtorb2sf3dvmwcuaxfes
- dhpluwngvfi2id4zb1d1
- nkiqxevz2mfceel40fu144
- mhgkg2q0x2al0gcystql52j0
- fsep0ronq5v3rkcb52kw
- fs0z0403rnb0cdlemlugxwoh
- p2puk4ymdf3ygm4qxca4
- eaedpowm2a52twleufy1m
- mxt3hc4l13gb4gitzzwb
- ivxxihuxqlq2ogjh3kn5ie
- qnk01pioun45vdms23wb
- te3vh2uaemw0gjr10bw0y
- a2e3zewu14vdatbrc3egy
- znm0ejobcxfeugc3clzd4n
- cpqvbsfs1uywezkw0s1ojuza
- ecix4ebxb1lgsbdt4ycnbf
- 0q1roalgn523hpduxg3eb
- ojoi1ecdyu5dhchtq3i3
- 3a3dwjto11cgxjckdllw0fnt
- oll4kk1al0hpou4gla1j
- uquncnauhve3ntc1j5zat3
- fqe1bk2www52xvvw0xng
- hbzxjucgqsk1g1losis1uqu
- 2xmgkmkjkgk2ebcbdzhkt3
- rumvttsjvvxh3akklluatxr
- b1xlau1vp5llvppvuocqs5o
- unpxnkpqfhftadcludeu3x
- ubssyem0narlip00hvslj4g
- blujgkg0fhr0kewvhbxgf
- em1njxve3kutslxrmtmj
- z2g0u0wwuya3jpv2cvjb
Performs operations with the file system:
Creates or modifies files:
- <SAMPLE_FULL_PATH>
Network activity:
Awaits incoming connections on ports:
- 19#.##8.200.50:3467
Establishes connection:
- 8.#.8.8:53
- 5.###.227.18:4321
- 5.###.227.18:7685