Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- ezoedrbcf4luwm0wlql1l
Network activity:
Awaits incoming connections on ports:
- 19#.##8.211.50:3467
Establishes connection:
- 8.#.8.8:53
- 5.###.227.140:4321
- 5.###.227.140:7685
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 5.###.227.140:4321
- 5.###.227.140:7685
- 0.0.0.0:0
- 17#.##.206.33:23
- 84.##.167.143:23
- 16#.##3.80.97:23
- 24#.#.201.145:23
- 25#.##7.63.186:23
- 11#.##9.95.163:23
- 59.###.125.115:23
- 15.###.59.126:23
- 21#.##.203.193:23
- 23#.##.191.103:23
- 84.###.153.207:23
- 11#.##2.6.204:23
- 17#.##8.209.66:23
- 12#.##3.197.93:23
- 20#.##9.222.164:23
- 12#.#4.69.37:23
- 14#.##.203.213:23
- 20#.##6.249.191:23
- 23#.##3.176.130:23
- 13.###.98.194:23
- 93.###.215.151:23
- 15#.#50.94.0:23
- 2.##.153.9:23
- 44.##.49.72:23
- 20#.##.102.31:23
- 56.###.181.101:23
- 11#.#2.20.24:23
- 54.##.156.151:23
- 17#.##1.57.128:23
- 88.###.42.194:23
- 98.###.158.120:23
- 23.##5.51.77:23
- 9.###.178.167:23
- 11#.##5.193.215:23
- 15#.##5.124.122:23
- 18#.##6.118.58:23
- 10#.##4.52.97:23
- 3.##.111.6:23
- 18.##.142.166:23
- 55.###.248.204:23
- 21#.#3.52.17:23
- 15#.#62.86.7:23
- 23#.##4.212.182:23
- 18#.##.190.79:23
- 97.###.12.160:23
- 12#.##5.42.134:23
- 12#.##1.233.51:23
- 18#.##5.144.196:23
- 22#.##4.249.75:23
- 17#.##1.103.42:23
- 13#.##0.229.186:23
- 58.###.160.225:23
- 15#.##0.70.21:23
- 18#.##7.115.154:23
- 71.##.30.171:23
- 20#.##2.253.110:23
- 20#.##6.169.17:23
- 24#.##4.70.152:23
- 10#.##9.213.199:23
- 1.###.79.248:23
- 6.###.1.31:23
- 63.##4.183.3:23
- 10#.#1.3.225:23
- 18#.##3.236.35:23
- 45.###.63.167:23
- 14#.##0.96.134:23
- 13.###.21.249:23
- 64.##1.59.45:23
- 38.##.161.115:23
- 43.###.128.154:23
- 10#.#7.3.122:23
- 25#.#.136.85:23
- 95.###.46.186:23
- 12.##.3.159:23
- 19#.##.13.201:23
- 80.###.168.30:23
- 12#.##1.27.127:23
- 13#.##5.239.249:23
- 82.#.169.100:23
- 92.###.53.158:23
- 21#.#80.40.7:23
- 63.##.84.175:23
- 23#.##.173.82:23
- 37.###.92.141:23
- 13#.##7.89.16:23
- 17#.#.41.190:23
- 23#.##9.123.194:23
- 15#.##5.119.194:23
- 10#.##.164.134:23
- 21#.##.167.228:23
- 18#.##2.244.97:23
- 45.###.175.10:23
- 17#.#.144.163:23
- 20.##.25.65:23
- 13#.##1.242.242:23
- 82.##7.5.69:23
- 31.###.211.121:23
- 9.##.67.213:23
- 16.##.41.211:23
- 25#.##5.118.206:23
- 90.##.160.146:23
- 12#.##.112.243:23
- 18#.#1.86.64:23
- 13#.##.27.227:23
- 17.###.60.191:23
- 64.##.141.71:23
- 10#.##0.73.126:23
- 17#.##1.19.117:23
- 12#.##.57.232:23
- 23.###.54.139:23
- 10#.##.166.94:23
- 18#.##1.124.86:23
- 14#.##2.36.140:23
- 13#.##8.28.25:23
- 21#.##2.100.100:23
- 94.##.185.96:23
- 24#.#8.63.6:23
- 15#.##6.146.61:23
- 16#.#27.7.42:23
- 1.###.117.180:23
- 23#.##7.255.95:23
- 22#.##6.231.214:23
- 22#.#.56.241:23
- 15#.##.142.210:23
- 52.##.59.69:23
- 31.###.163.243:23
- 23#.##2.211.54:23
- 21#.##8.191.197:23
- 15#.#0.91.90:23
- 23#.##.64.134:23
- 12#.##9.151.176:23
- 20#.##8.40.227:23
- 71.###.250.143:23
- 27.##.108.166:23
- 67.###.158.95:23
- 9.#.#73.206:23
- 23#.##6.55.201:23
- 99.##.97.140:23
- 21.###.59.226:23
- 83.##.126.154:23
- 25#.##2.241.104:23
- 42.###.170.218:23
- 21#.##1.88.67:23
- 1.##.193.57:23
- 19.###.142.34:23
- 18#.##8.196.158:23
- 21#.##2.131.8:23
- 54.##.19.4:23
- 21#.##.97.206:23
- 4.###.107.219:23
- 59.###.94.215:23
- 24#.##2.138.66:23
- 42.###.220.27:23
- 10#.##.219.232:23
- 62.##.240.178:23
- 58.##.200.246:23
- 15#.##4.225.51:23
- 24#.##4.166.203:23
- 16#.##6.80.91:23
- 19#.##7.152.45:23
- 75.##.223.181:23
- 31.##.195.75:23
- 31.##.174.14:23
- 12#.##7.34.90:23
- 58.##2.6.222:23
- 25#.##.153.211:23
- 25#.##4.215.106:23
- 38.##.249.245:23
- 16#.##4.105.114:23
- 9.###.59.2:23
- 60.###.90.232:23
- 24#.##8.185.163:23
- 63.###.228.35:23
- 21.###.237.204:23
- 16#.##4.52.30:23
- 13#.##0.111.234:23
- 10#.##.144.34:23
- 21#.##6.12.77:23
- 22#.##5.44.147:23
- 15#.##5.130.19:23
- 44.##.199.83:23
- 19#.##4.70.163:23
- 2.###.121.233:23
- 81.##.217.145:23
- 22#.##5.103.226:23
- 25#.##1.35.239:23
- 24#.##3.165.52:23
- 22#.##4.251.89:23
- 61.###.42.188:23
- 94.##4.32.21:23
- 13#.##3.118.150:23
- 62.#.31.166:23
- 11#.##3.120.84:23
- 24#.##8.67.155:23
- 18#.##.122.54:23
- 5.###.127.165:23
- 25#.##6.194.104:23
- 16#.##9.172.186:23
- 20#.#4.65.0:23
- 13#.##5.64.198:23
- 10#.##5.8.146:23
- 13#.##.221.173:23
- 17#.##6.139.179:23
- 18#.##.146.143:23
- 19#.##4.213.202:23
- 10#.##8.79.13:23
- 17#.##2.223.106:23
- 15.###.120.26:23
- 68.##.157.3:23
- 12#.##5.225.171:23
- 21#.#00.8.9:23
- 17#.##2.46.83:23
- 12#.##5.229.113:23
- 11#.##8.11.46:23
- 51.###.101.238:23
- 10#.##1.128.115:23
- 13.##.45.44:23
- 22#.##8.27.186:23
- 21#.##5.135.255:23
- 23#.##6.238.187:23
- 21#.##3.93.108:23
- 23#.##5.194.186:23
- 20.###.163.221:23
- 86.###.63.192:23
- 22.##6.4.129:23
- 90.##.75.213:23
- 11#.##.158.151:23
- 23#.##5.85.148:23
- 59.###.173.143:23
- 24#.##3.225.100:23
- 20#.##.197.102:23
- 28.##6.208.4:23
- 25#.##5.109.186:23
- 22#.##.151.80:23
- 10#.##7.221.197:23
- 16#.##.146.209:23
- 14#.##5.75.168:23
- 16#.##7.57.107:23
- 14#.##.152.208:23
- 22.###.158.232:23
- 17#.##8.134.181:23
- 10#.##6.33.246:23
- 20#.##7.111.216:23
- 85.###.107.119:23
- 17#.##8.73.102:23
- 23.##9.85.1:23
- 22#.#07.1.90:23
- 24#.##7.202.137:23
- 15#.##8.67.152:23
- 16#.##3.91.174:23
- 18#.##5.167.5:23
- 18#.##1.140.202:23
- 45.##5.87.40:23
- 15#.##.31.253:23
- 13#.##7.98.121:23
- 25#.##9.151.252:23
- 19#.#0.32.38:23
- 18#.##3.187.114:23
- 18#.##1.0.174:23
- 23#.##5.104.150:23
- 23#.##.209.85:23
- 12#.##1.76.21:23
- 47.##.131.152:23
- 11#.##8.68.255:23
- 15#.##3.222.182:23
- 20#.##9.103.117:23
- 92.##.92.205:23
- 17#.#5.47.14:23
- 13#.##.242.154:23
- 19#.##.225.249:23
- 11#.##.176.152:23
- 20#.#2.61.65:23
- 56.##.243.166:23
- 21#.##2.13.38:23
- 21#.##1.88.165:23
- 25#.##9.101.43:23
- 16.##.188.188:23
- 21#.##.75.163:23
- 15#.##6.225.126:23
- 27.##3.1.20:23
- 10#.##.131.60:23
- 11#.##9.187.211:23
- 11#.##5.170.45:23
- 10#.##5.81.160:23
- 46.###.166.67:23
- 44.###.143.213:23
- 39.###.133.222:23
- 79.###.148.133:23
- 14#.#0.99.63:23
- 44.###.162.30:23
- 21#.##7.33.63:23
- 15#.##.190.32:23
- 13#.##.55.218:23
- 19#.##.242.226:23
- 11.##.247.177:23
- 19#.##.26.224:23
- 15#.#75.13.2:23
- 90.##.219.169:23
- 10#.##6.221.47:23
- 13#.##.187.20:23
- 15#.##1.253.151:23
- 25#.##1.72.198:23
- 12#.#6.17.69:23
- 14#.##4.104.68:23
- 21#.##3.217.92:23
- 5.###.208.14:23
- 21#.##6.75.176:23
- 22#.##7.174.130:23
- 21#.##.113.133:23
- 17#.##0.66.233:23
- 25.#.191.120:23
- 22#.##9.113.133:23
- 99.##.1.196:23
- 10#.##5.24.147:23
- 18#.##6.96.193:23
- 10#.##2.232.195:23
- 25#.##9.72.208:23
- 11#.##5.114.190:23
- 15#.##.180.240:23
Receives data from the following servers:
- 5.###.227.140:7685