Technical Information
Malicious functions:
Launches itself as a daemon
Kills the following processes:
- <SAMPLE>
Network activity:
Awaits incoming connections on ports:
- 0.0.0.0:23
- 0.0.0.0:21
- 0.0.0.0:33434
- 0.0.0.0:8291
- 0.0.0.0:6201
- 0.0.0.0:5984
- 0.0.0.0:5500
- 0.0.0.0:5000
Establishes connection:
- 8.#.8.8:53
- 19#.##.50.97:908
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 19#.##.50.97:908
- 65.###.233.111:23
- 24#.##9.100.114:23
- 16#.##8.164.72:23
- 70.###.109.213:23
- 89.##.153.153:23
- 68.##.162.176:23
- 15#.##0.6.218:23
- 24#.##7.224.235:23
- 39.###.135.52:23
- 25#.##0.104.95:23
- 21#.##1.221.165:23
- 96.###.169.181:23
- 61.##.21.109:23
- 96.##.113.191:23
- 12#.##.251.48:23
- 11#.##.75.194:23
- 13#.##8.100.144:23
- 60.##3.60.69:23
- 13#.##3.176.100:23
- 67.##.0.20:23
- 5.###.26.44:23
- 15#.##.223.25:23
- 13#.##3.170.85:23
- 10#.##7.170.0:23
- 93.###.210.253:23
- 51.##.224.226:23
- 63.###.109.211:23
- 11#.##0.207.1:23
- 88.##.5.203:23
- 72.##.76.230:23
- 22#.##.195.114:23
- 12#.##1.154.0:23
- 17#.##.217.146:23
- 36.###.131.139:23
- 25#.##.176.185:23
- 24#.##4.11.35:23
- 23#.#4.38.88:23
- 19#.#9.86.29:23
- 9.##.63.10:23
- 76.##.109.79:23
- 82.##.84.81:23
- 23#.##5.26.172:23
- 34.##.207.57:23
- 11#.##6.193.154:23
- 92.##3.15.25:23
- 23#.##.151.232:23
- 17#.##.86.162:23
- 11#.##3.17.211:23
- 61.##.202.8:23
- 16#.##.166.75:23
- 14#.#6.7.193:23
- 15#.#4.60.31:23
- 27.###.108.119:23
- 18#.##2.48.152:23
- 17#.##.145.82:23
- 10#.##9.231.32:23
- 69.###.131.186:23
- 15#.##.217.41:23
- 19#.##2.29.221:23
- 12#.##.197.47:23
- 38.###.102.100:23
- 17#.##9.217.93:23
- 20#.##.192.23:23
- 94.###.241.106:23
- 20#.#1.192.8:23
- 32.#.164.137:23
- 14#.##7.249.134:23
- 10#.##4.27.218:23
- 13#.##1.246.31:23
- 15#.##5.70.99:23
- 22#.##.154.160:23
- 25#.##2.132.253:23
- 18#.##4.217.229:23
- 13#.#.252.219:23
- 11#.##2.91.209:23
- 5.###.168.11:23
- 96.##8.67.54:23
- 20#.##2.12.178:23
- 16#.##.248.132:23
- 21#.##.114.238:23
- 40.##.159.5:23
- 15#.##.97.143:23
- 59.##.5.79:23
- 10#.##4.12.148:23
- 14#.##.135.154:23
- 21#.##0.144.72:23
- 11#.##.178.151:23
- 18#.##5.155.161:23
- 20.##.173.109:23
- 61.##6.32.46:23
- 23#.##4.121.173:23
- 13#.##8.254.136:23
- 10#.##9.29.36:23
- 13#.##.133.157:23
- 12#.##0.182.101:23
- 4.###.39.5:23
- 22#.##3.138.87:23
- 14#.##1.201.211:23
- 24#.##4.69.226:23
- 11#.##.223.151:23
- 17#.##4.246.181:23
- 90.###.202.255:23
- 74.##.3.146:23
- 27.###.145.60:23
- 16#.##1.253.136:23
- 84.###.230.38:23
- 68.###.107.18:23
- 1.##.138.6:23
- 27.##4.163.7:23
- 24#.##.86.191:23
- 12#.##.128.144:23
- 18#.##8.13.106:23
- 46.###.160.54:23
- 36.###.142.102:23
- 10#.##5.118.128:23
- 12#.##6.174.10:23
- 74.##.131.237:23
- 21#.##7.72.152:23
- 10#.##0.131.181:23
- 16#.##0.60.212:23
- 94.##.54.42:23
- 37.###.209.202:23
- 83.##.128.178:23
- 20#.#.29.153:23
- 10#.##5.98.34:23
- 10#.##.240.169:23
- 11#.##0.20.231:23
- 9.##.171.131:23
- 25#.##0.200.172:23
- 11#.##6.242.211:23
- 21#.##8.202.24:23
- 11#.##4.62.207:23
- 24#.##5.151.90:23
- 70.###.192.37:23
- 16#.##0.77.107:23
- 20#.##5.191.174:23
- 82.###.228.239:23
- 11#.##8.47.231:23
- 15#.##7.251.4:23
- 35.##1.99.98:23
- 47.##.141.136:23
- 24#.##2.90.31:23
- 13.###.151.219:23
- 17#.##3.175.90:23
- 14.###.80.230:23
- 37.###.181.191:23
- 31.##.103.133:23
- 13#.##5.155.72:23
- 58.##7.54.16:23
- 10#.##.41.201:23
- 21#.##2.153.196:23
- 16#.##6.91.32:23
- 17#.##4.149.3:23
- 11#.##.35.147:23
- 15#.##.115.31:23
- 86.##4.5.175:23
- 92.###.116.155:23
- 25#.##5.178.15:23
- 15#.##.207.21:23
- 14.##.145.10:23
- 81.##.120.142:23
- 66.###.16.141:23
- 15#.#68.15.9:23
- 92.###.131.48:23
- 23.##.207.189:23
- 38.##.199.143:23
- 2.###.203.255:23
- 18#.##.250.134:23
- 11#.##8.31.81:23
- 63.##.1.229:23
- 20#.##1.138.234:23
- 23#.##7.120.203:23
- 16#.##.60.141:23
- 45.###.49.213:23
- 71.###.83.227:23
- 22#.#9.40.7:23
- 19#.##6.123.182:23
- 48.#.200.171:23
- 63.###.135.195:23
- 5.###.96.54:23
- 10#.##.131.195:23
- 11#.##0.164.214:23
- 16#.##9.247.112:23
- 91.##.88.101:23
- 14#.##.155.168:23
- 17#.##8.161.76:23
- 15#.##.111.254:23
- 78.##6.2.208:23
- 42.##.218.249:23
- 23#.##1.29.184:23
- 20#.##7.182.204:23
- 63.###.111.142:23
- 31.###.220.133:23
- 10#.##1.24.123:23
- 16#.##0.95.154:23
- 84.##.98.250:23
- 24#.##0.13.59:23
- 65.##3.68.65:23
- 36.###.124.146:23
- 20#.##5.239.15:23
- 22#.##7.223.8:23
- 46.###.147.175:23
- 97.##6.6.141:23
- 42.##3.9.136:23
- 1.###.215.70:23
- 19#.##3.150.5:23
- 24#.##2.197.250:23
- 10#.##.159.216:23
- 65.##.140.217:23
- 37.##.6.178:23
- 36.###.178.198:23
- 12#.##9.83.115:23
- 17#.##7.171.89:23
- 66.##5.0.179:23
- 2.##.37.25:23
- 22#.##2.188.250:23
- 18#.##.212.17:23
- 20#.##5.40.117:23
- 20#.#3.4.203:23
- 60.##.127.215:23
- 81.##2.107.0:23
- 82.###.228.75:23
- 85.##.3.18:23
- 46.##.12.30:23
- 66.###.54.144:23
- 17#.##3.192.82:23
- 13#.##5.23.215:23
- 31.##6.94.84:23
- 48.###.29.174:23
- 99.###.45.131:23
- 14#.##.74.112:23
- 24#.##.166.230:23
- 14#.##2.97.149:23
- 89.###.202.140:23
- 80.##7.161.8:23
- 10#.##.127.247:23
- 10#.##1.249.208:23
- 24.###.136.114:23
- 12#.##1.173.76:23
- 31.##.16.149:23
- 23#.##.253.152:23
- 32.##7.74.15:23
- 19#.##2.19.193:23
- 27.###.209.246:23
- 23.###.109.25:23
- 10#.##7.222.217:23
- 88.###.178.35:23
- 17#.##8.148.156:23
- 19#.##.134.218:23
- 19#.##5.220.200:23
- 62.###.206.27:23
- 10#.##6.144.219:23
- 14#.##.198.157:23
- 5.###.107.117:23
- 36.###.165.183:23
- 5.##.194.221:23
- 22#.##3.101.51:23
- 1.###.133.251:23
- 17#.##8.130.225:23
- 13#.##.114.210:23
- 77.###.253.252:23
- 9.##.23.116:23
- 12#.##1.37.246:23
- 15#.##1.10.213:23
- 19#.#3.151.2:23
- 11#.#0.234.9:23
- 10#.##1.4.233:23
- 20.###.120.33:23
- 24#.##3.137.187:23
- 10#.#.233.78:23
- 41.###.76.119:23
- 59.##.144.55:23
- 14#.##7.180.146:23
- 39.###.236.71:23
- 47.###.172.87:23
- 44.###.89.245:23
- 20#.##6.120.112:23
- 16#.##6.131.154:23
- 10#.##4.198.221:23
- 14#.##3.208.114:23
- 15#.##.120.96:23
- 25#.##9.40.91:23
- 10#.##1.144.214:23
- 95.##.182.146:23
- 21#.#97.71.9:23
- 25#.##.46.252:23
- 11#.##2.102.254:23
- 66.##.92.233:23
- 18#.#6.163.1:23
- 71.###.244.238:23
- 16#.#.119.60:23
- 21#.##.217.217:23
- 16#.##4.102.40:23
- 11#.##.188.15:23
- 39.##.76.225:23
- 17#.##.102.207:23
- 10#.##6.134.55:23
- 17#.#0.26.20:23
- 14#.##.224.114:23
- 18#.#1.248.9:23
- 19#.##1.51.65:23
- 22#.##6.255.10:23
- 12#.##9.124.105:23
- 92.###.110.57:23
- 10#.##2.122.71:23
- 43.###.132.233:23
- 83.##.143.165:23
- 25#.##.14.245:23
- 22#.##7.254.138:23
- 37.##6.123.1:23
- 17#.##3.119.113:23
- 43.###.103.95:23
- 18#.##5.84.222:23
- 22#.##0.80.241:23
Receives data from the following servers:
- 19#.##.50.97:908