Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- 3x0c0u1ty4l5yq3lnfrgg1de
- 5icr2trx1frouxvf3vt4j5h
- sfqkcehaki2tabte3blvtzb
- zpujxf305txfbofvnchglr2r
- kzzxe44zzodrlfh5cixusr
- pwakl1x1uhsgy4amped3up2
- rfdgllijtrrxtmosznshfo
- ym12ironka2qjputac4iqeu
- ayfgrwy3nk2u31vjfl0ye
- 45f4dxnq525v2mwrmqvvg
- gxbzg1exxk1d0opyyoixs
- swjp2tvqvlqfsko2waz5m
- 3nax4e54x4aml2crgwsf
- 1tg4sfblmebboae5ij3u
- mtkieltaobw5ns0yhpnbap
- kfuoasxc1hljf1bjlvv3d3y
- rycuqlnyl1wi0qyzoo3x
- ch41xmszqhnhldkborrb
- t0e4pgvsjyunk1ciawaq5ze
- rw0ikrrcqtsai1x4hizk
- fdfcd5locxt3ndrn1oku
- izx4ons2svglbx2af2dyulc2
- njtjmqshhr30tbnv3sxmw
- pimgac1i545nok2awhz4nt
- vgm40vo22cr25zv1v1yw
- 5czcjuvcmdrfizuzznef
- goece0eq2f0ss3mpgf41vv
- 1hmuc4dcbfclxp0bhrrjncp1
- ljxwioc4sgt5w35ght0v
- xswi3nzel5whigmwetgvkv
- wteyc02m0w4ngnhjz0ichfle
Performs operations with the file system:
Creates or modifies files:
- <SAMPLE_FULL_PATH>
Network activity:
Awaits incoming connections on ports:
- 19#.##8.212.50:3467
Establishes connection:
- 8.#.8.8:53
- 5.###.227.18:4321
- 5.###.227.18:7685