Linux.Siggen.6808
Added to the Dr.Web virus database:
2024-03-20
Virus description added:
2024-03-19
Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Manages services:
- ['systemctl', '--version']
- ['systemctl', 'enable', '/lib/systemd/system/display-managerd.service']
Launches processes:
- echo /usr/lib/libselinux.so >> /etc/ld.so.preload 2>/dev/null
- chmod u+x /usr/bin/.Xl1/udevd
- chmod u+x /usr/bin/.Xl1/udevd 2>/dev/null
- chmod u+x /usr/bin/.Xl1/kde 2>/dev/null
- /usr/bin/.Xl1/kde 2>/dev/null
- /usr/bin/.Xl1/udevd /usr/bin/.Xl1/kde
- /usr/bin/.Xl1/kde
- systemctl --version 2>/dev/null
- chmod u+x /usr/bin/.Xl1/kde
- systemctl enable /lib/systemd/system/display-managerd.service 2>/dev/null
Performs operations with the file system:
Modifies file access rights:
- /usr/bin/.Xl1/kde
- /usr/bin/.Xl1/udevd
Creates folders:
- /usr/bin/.Xl1
- /usr/bin/.Xl1/data
Creates symlinks:
Creates or modifies files:
- /usr/bin/.Xl1/kde
- /usr/bin/.Xl1/udevd
- /usr/lib/libselinux.so
- /etc/ld.so.preload
- /usr/lib/systemd/system/display-managerd.service
- /usr/bin/.Xl1/run
- /usr/bin/.Xl1/f2
- /usr/bin/.Xl1/f1
- /memfd:lttng-ust-waits-1710866203.124732642 (deleted)
- /usr/bin/.Xl1/data/gphoto2
- /dev/shm/pQnJmz
- /usr/bin/.Xl1/conf
- /memfd:lttng-ust-waits-1710866204.239171631 (deleted)
Deletes files:
- /pQnJmz
- /usr/bin/.Xl1/conf
Changes time of creation/access/modification of files:
- /usr/(null)
- /usr
- /usr/bin
- /usr/bin/.Xl1
- /usr/bin/.Xl1/kde
- /usr/bin/.Xl1/udevd
- /usr/lib
- /usr/lib/libselinux.so
- /(null)
- /usr/bin/.Xl1/f2
- /usr/bin/.Xl1/f1
- /usr/bin/.Xl1/data
- /usr/bin/.Xl1/data/gphoto2
- /usr/bin/.Xl1/conf
Network activity:
Establishes connection:
DNS ASK:
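Read together, the entries above describe three persistence and evasion mechanisms: the line `echo /usr/lib/libselinux.so >> /etc/ld.so.preload` makes the dynamic loader inject the dropped library into every dynamically linked process started afterwards (the usual user-mode rootkit trick for hooking libc calls; note that the genuine SELinux library is a versioned `libselinux.so.1` shipped by the distribution, not an unversioned file written by a process at runtime), `systemctl enable` of `display-managerd.service` gives the payload a boot-time start, and the executables in the hidden directory `/usr/bin/.Xl1` borrow the names `kde` and `udevd`, while the in-memory copies run from an anonymous `memfd:` named after the legitimate `lttng-ust` tracing library. The script below is an added hunting example written for this page, not Dr.Web's own tooling; the indicator paths are taken verbatim from the report, while the `root`/`proc` prefixes (so the same checks can run against a mounted disk image or a test tree) and the `demo()` tree it builds are constructed for the example. Because `/lib` is a symlink to `/usr/lib` on merged-/usr systems, the two unit paths listed in the report are usually the same file; the script checks both.

```python
"""Hunt for the Linux.Siggen.6808 artifacts listed in the Dr.Web report.

Added example for this page, not Dr.Web's tooling. Indicator paths come
from the report; the root/proc prefixes and the demo tree are assumptions.
"""
import os
import tempfile
from pathlib import Path

# File-system indicators taken from the report (relative to the scanned root).
HIDDEN_DIR = "usr/bin/.Xl1"
DROPPED_FILES = [
    "usr/bin/.Xl1/kde", "usr/bin/.Xl1/udevd", "usr/bin/.Xl1/run",
    "usr/bin/.Xl1/f1", "usr/bin/.Xl1/f2", "usr/bin/.Xl1/conf",
    "usr/bin/.Xl1/data/gphoto2", "usr/lib/libselinux.so",
]
UNIT_PATHS = [  # both spellings appear in the report; same file on merged-/usr
    "lib/systemd/system/display-managerd.service",
    "usr/lib/systemd/system/display-managerd.service",
]
LD_PRELOAD = "etc/ld.so.preload"


def check_ld_preload(root: Path) -> list[str]:
    """ld.so.preload is normally absent or empty, so every entry gets reported;
    an entry ending in libselinux.so matches this sample and is tagged IOC."""
    path = root / LD_PRELOAD
    if not path.is_file():
        return []
    findings = []
    for line in path.read_text(errors="replace").splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        tag = "IOC" if entry.endswith("/libselinux.so") else "review"
        findings.append(f"{tag}: ld.so.preload entry {entry}")
    return findings


def check_dropped_files(root: Path) -> list[str]:
    """Report the hidden directory, the dropped binaries and the systemd unit."""
    findings = []
    if (root / HIDDEN_DIR).is_dir():
        findings.append(f"IOC: hidden directory /{HIDDEN_DIR}")
    for rel in DROPPED_FILES + UNIT_PATHS:
        if (root / rel).exists():
            findings.append(f"IOC: file /{rel}")
    return findings


def check_memfd_exes(proc: Path) -> list[str]:
    """List processes whose main executable lives in an anonymous memfd.
    Legitimate software uses memfd too, so this is a triage list, not a verdict."""
    findings = []
    for entry in proc.iterdir():
        if not entry.name.isdigit():
            continue
        try:
            target = os.readlink(entry / "exe")
        except OSError:  # kernel thread, permission denied, or process already gone
            continue
        if target.startswith("/memfd:"):
            findings.append(f"review: pid {entry.name} exe -> {target}")
    return findings


def scan(root: Path, proc: Path) -> list[str]:
    return check_ld_preload(root) + check_dropped_files(root) + check_memfd_exes(proc)


def demo() -> list[str]:
    """Build a constructed tree reproducing the report's artifacts, then scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "usr/bin/.Xl1/data").mkdir(parents=True)
        for rel in DROPPED_FILES:
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(b"\x7fELF")  # placeholder, not the real payload
        (root / "etc").mkdir()
        (root / LD_PRELOAD).write_text("/usr/lib/libselinux.so\n")  # the echo'd line
        (root / "usr/lib/systemd/system").mkdir(parents=True)
        # Unit contents are not given in the report; this placeholder is constructed.
        (root / UNIT_PATHS[1]).write_text("[Unit]\nDescription=constructed placeholder\n")
        fake_pid = root / "proc/4242"  # constructed pid directory
        fake_pid.mkdir(parents=True)
        os.symlink("/memfd:lttng-ust-waits-1710866203.124732642 (deleted)", fake_pid / "exe")
        return scan(root, root / "proc")


if __name__ == "__main__":
    for finding in scan(Path("/"), Path("/proc")):  # live host; needs root for all /proc/*/exe
        print(finding)
```

Run as root for a complete `/proc/*/exe` view; `check_memfd_exes` silently skips processes it cannot read. `demo()` returns twelve findings against the constructed tree: the preload entry, the hidden directory, the eight dropped files, the one unit file that exists in that tree, and the memfd-backed process.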
Curing recommendations
Linux