Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- 1cnpdtqq1btyzwtwp2cmj
- vf04anldh2s1cnjcoqdxlm
- mv2otm4w4vmg0v3nmossdh
- oeqfhtsvqqw35pfbigclf
- 4hjak25op1lgih5atw2wpi
- 4zzkdwhl4vjray12gy1x
- fl5axosqf3myxemqn3mz
- ryje2tnilouwqalh3tnbg5
- 0xjq2mpapadcvynora3xh0
- jml2jtpizjinc4fnpz00
- xp1uj20egduubwlplizyjtwr
- plsznp34ymm400fxiljung5f
- qvujoxsceq3hk5bstbiimgwf
- jsd11dadqwcgyyjsogdl
- iss4fycsqr2u5awkemof
- 2ehjmke3jtzpel03skw3kqlt
- w44j45ynueft0d4bvnxovsde
- 2san2rxkirnif2p1obhckl
- h3s2dq5bcl3ryzp2bmmtvfol
- ahhdouf4gqsn2ugyhu4t
- 4f0ywt4wzbazsit0ojpepf
- frsgcpdisxa5tf33mg1vebk3
- b5staij054vtsjazo3uuj
- 5u125vy2zkvgzbxt5al1uf0
- hntzn0gtjjozxpabpaub1
- oee4rjmtfj3flpvlhbdtz2
- oj2m4eahujfme0arldr4arl2
- 3smxo1tixwny1vdcy4larv
- d454cyc2kndtnpkz5k5nuk
- uvlpksktrod2agdx41rd
- tqryz3ctndy3lr0rm40hx
Performs operations with the file system:
Creates or modifies files:
- <SAMPLE_FULL_PATH>
Network activity:
Awaits incoming connections on ports:
- 19#.##8.218.50:3467
Establishes connection:
- 8.#.8.8:53
- 5.###.227.18:4321
- 5.###.227.18:7685