Linux.Siggen.3158
Added to the Dr.Web virus database: 2020-06-24
Virus description added: 2020-06-24
Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
Performs operations with the file system:
Creates or modifies files:
Network activity:
Awaits incoming connections on ports:
Establishes connection:
- 8.#.8.8:53
- 15#.##.155.229:4321
- 15#.##.155.229:7685
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 15#.##.155.229:7685
- 15#.##.155.229:4321
Receives data from the following servers:
- 15#.##.155.229:7685
- 15#.##.155.229:4321