Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
- e38387
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:33337
Establishes connection:
- 8.#.8.8:53
- 10#.#00.5.10:24
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
- ro##y.shop
Sends data to the following servers:
- 10#.#00.5.10:24
- 65.##2.25.64:23
- 18#.##.211.78:23
- 22#.#67.15.4:23
- 23#.##0.159.65:23
- 10#.##.169.152:23
- 23#.##5.220.210:23
- 80.###.117.132:23
- 10#.##.52.141:23
- 17#.##2.223.155:23
- 22#.##.202.128:23
- 20#.##.113.234:23
- 81.##.203.158:23
- 12.##9.33.23:23
- 12#.##.54.127:23
- 22#.##1.238.58:23
- 15#.##5.233.133:23
- 10#.#79.59.2:23
- 12#.##3.37.131:23
- 46.##.53.60:23
- 18#.#02.64.9:23
- 17#.#.37.45:23
- 16.##0.166.9:23
- 11#.#6.26.12:23
- 16#.##.180.160:23
- 15#.##3.159.230:23
- 14#.##2.250.18:23
- 16#.##.93.125:23
- 18#.##1.245.251:23
- 11#.##.139.190:23
- 19#.##.238.40:23
- 22#.##2.181.81:23
- 14#.##8.139.242:23
- 1.##.146.118:23
- 17#.##.222.167:23
- 16#.##.52.156:23
- 76.##.204.48:23
- 52.##1.67.99:23
- 23#.##3.15.156:23
- 71.##.136.199:23
- 17#.##6.24.54:23
- 34.##.32.220:23
- 74.###.64.132:23
- 15#.##2.116.54:23
- 35.###.77.187:23
- 98.##.227.75:23
- 13#.##.105.236:23
- 18#.##.137.25:23
- 36.###.98.128:23
- 60.##.230.121:23
- 65.##.28.65:23
- 23#.##3.51.59:23
- 15#.#2.32.86:23
- 15#.##.240.165:23
- 44.##.93.115:23
- 21#.##.150.136:23
- 12#.#.97.75:23
- 85.###.219.45:23
- 13#.##1.152.25:23
- 14#.##6.219.228:23
- 24#.##7.249.233:23
- 20#.##3.240.87:23
- 15#.##.188.206:23
- 24.##.51.114:23
- 88.##5.95.91:23
- 23#.##7.24.104:23
- 83.###.113.99:23
- 15.#.133.80:23
- 2.###.25.93:23
- 14#.##3.12.191:23
- 64.##.127.185:23
- 23#.##9.56.239:23
- 21#.##3.63.131:23
- 72.##.30.134:23
- 20#.##6.162.239:23
- 19#.##9.96.45:23
- 32.###.175.57:23
- 25#.##7.72.205:23
- 15#.##.253.69:23
- 54.###.33.194:23
- 18#.##9.186.4:23
- 80.###.59.117:23
- 12#.##.212.44:23
- 75.###.190.19:23
- 24#.##.41.106:23
- 24#.##.242.19:23
- 20#.##9.170.139:23
- 29.#.20.255:23
- 25#.##6.135.56:23
- 24#.##7.192.29:23
- 16#.##.61.147:23
- 5.##.210.146:23
- 55.##3.34.53:23
- 74.###.93.167:23
- 18#.##4.121.202:23
- 25#.#8.81.7:23
- 13.###.80.119:23
- 29.###.148.214:23
- 12.##.177.28:23
- 61.###.139.215:23
- 25.##.213.133:23
- 12#.##.46.157:23
- 19#.##8.47.227:23
- 99.###.162.234:23
- 87.###.130.80:23
- 12#.##3.122.152:23
- 24#.#6.28.5:23
- 13#.##3.74.18:23
- 23#.##5.156.129:23
- 4.###.90.36:23
- 21#.##9.204.179:23
- 59.###.202.238:23
- 71.###.45.187:23
- 17.###.254.203:23
- 13#.##3.238.188:23
- 12#.##8.93.151:23
- 13#.##.118.146:23
- 21#.##.167.157:23
- 14#.#0.94.12:23
- 15#.##7.103.197:23
- 24#.##.161.169:23
- 97.###.154.62:23
- 60.##.160.98:23
- 14#.##.131.130:23
- 19#.##.252.201:23
- 23#.##2.10.105:23
- 18#.#52.3.4:23
- 22#.##9.170.253:23
- 12#.##.183.200:23
- 19#.##0.204.104:23
- 15#.##8.3.157:23
- 18#.##7.98.211:23
- 2.###.166.102:23
- 13#.#52.6.79:23
- 23#.##.45.122:23
- 19#.##4.167.100:23
- 17.###.60.215:23
- 22#.##.59.102:23
- 11#.##6.133.113:23
- 13#.##4.128.122:23
- 14.##9.47.57:23
- 15#.##3.112.4:23
- 66.##6.35.25:23
- 12#.##.150.10:23
- 19#.##5.86.64:23
- 11#.##.120.53:23
- 16#.##3.175.14:23
- 15#.##7.45.128:23
- 18#.##2.229.139:23
- 22#.##2.24.80:23
- 84.##.137.177:23
- 31.###.177.188:23
- 14#.#4.55.46:23
- 17#.##5.156.218:23
- 13#.##5.13.177:23
- 11#.##2.23.75:23
- 85.###.124.252:23
- 12#.##8.110.183:23
- 44.#.113.151:23
- 15#.##.32.193:23
- 48.###.88.226:23
- 14#.##4.97.97:23
- 54.##1.20.4:23
- 9.##.8.60:23
- 28.###.79.238:23
- 24#.#.48.152:23
- 17#.##2.210.207:23
- 10#.##2.65.92:23
- 63.##.77.102:23
- 18#.##8.121.195:23
- 17#.##.113.64:23
- 93.##.32.133:23
- 21#.##1.147.92:23
- 15.###.39.240:23
- 11.##.144.203:23
- 48.###.185.39:23
- 36.###.243.158:23
- 19#.##.130.211:23
- 14#.##3.88.197:23
- 22#.##0.129.54:23
- 22.###.170.191:23
- 54.##.72.9:23
- 12#.#8.50.34:23
- 12#.##9.214.181:23
- 40.###.116.229:23
- 13#.##3.24.76:23
- 18#.##.163.111:23
- 17#.#2.52.54:23
- 22#.##3.117.64:23