Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
- e28081
Kills the following processes:
- kthreadd
- rcu_gp
- rcu_par_gp
- kworker/0:0H
- kworker/u2:0
- mm_percpu_wq
- rcu_tasks_rude_
- rcu_tasks_trace
- ksoftirqd/0
- rcu_sched
- migration/0
- kworker/0:1
- cpuhp/0
- kdevtmpfs
- netns
- kauditd
- khungtaskd
- oom_reaper
- writeback
- kcompactd0
- ksmd
- khugepaged
- kintegrityd
- kblockd
- blkcg_punt_bio
- edac-poller
- devfreq_wq
- kworker/0:1H
- kswapd0
- kthrotld
- acpi_thermal_pm
- ipv6_addrconf
- kworker/u2:1
- kworker/u2:2
- kstrp
- zswap-shrink
- kworker/u3:0
- kworker/0:2
- ata_sff
- scsi_eh_0
- scsi_tmf_0
- scsi_eh_1
- scsi_tmf_1
- jbd2/sda1-8
- ext4-rsv-conver
- ttm_swap
- kworker/u2:3
- kworker/0:0
- 9bc2fd2a
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:33337
Establishes connection:
- 8.#.8.8:53
- 45.###.232.208:33335
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
- ro##me.xyz
Sends data to the following servers:
- 45.###.232.208:33335
- 22#.##6.121.190:23
- 22#.##3.29.249:23
- 5.#.#6.83:23
- 13#.##0.204.250:23
- 22#.##3.125.24:23
- 16#.##5.235.50:23
- 74.###.212.89:23
- 20#.##.63.250:23
- 2.##.175.58:23
- 36.##.187.65:23
- 12#.##1.5.165:23
- 73.###.173.225:23
- 24#.#8.86.12:23
- 22.##.119.2:23
- 36.###.65.114:23
- 20#.##6.9.180:23
- 15#.#8.12.53:23
- 4.###.157.97:23
- 9.#.#16.42:23
- 24#.##8.168.11:23
- 14#.##7.3.163:23
- 34.##.253.47:23
- 18#.#8.88.77:23
- 25.###.188.148:23
- 21#.##7.42.245:23
- 24.##.184.27:23
- 91.##.20.45:23
- 17#.##4.79.238:23
- 21#.##.195.90:23
- 14#.##.40.253:23
- 10#.##0.27.198:23
- 22#.##3.45.116:23
- 21#.##1.159.4:23
- 56.#.42.137:23
- 15#.##5.23.139:23
- 20#.##.77.250:23
- 12#.##8.47.183:23
- 13#.##5.57.196:23
- 11#.##0.18.116:23
- 18#.##.58.174:23
- 19#.##9.82.132:23
- 19#.##5.126.2:23
- 22#.##6.232.67:23
- 17#.##.72.201:23
- 21#.##.176.186:23
- 39.##.218.222:23
- 56.###.195.242:23
- 18#.##.249.156:23
- 51.###.223.27:23
- 3.##.21.190:23
- 27.##.174.139:23
- 18#.##.162.145:23
- 12#.##2.161.211:23
- 45.###.57.154:23
- 15#.##.206.46:23
- 22#.##8.77.81:23
- 14#.##.132.136:23
- 15#.##9.97.205:23
- 10#.##.149.12:23
- 18#.##5.205.166:23
- 16#.##6.137.180:23
- 92.###.24.125:23
- 14#.##.194.216:23
- 24#.##6.223.98:23
- 48.##7.69.72:23
- 23#.##.240.221:23
- 10#.#.63.198:23
- 49.##.176.68:23
- 17#.##2.231.220:23
- 44.##.224.103:23
- 24#.#47.9.68:23
- 17#.##.118.173:23
- 78.###.20.189:23
- 15#.#4.51.33:23
- 18#.##1.121.170:23
- 22#.##.153.200:23
- 15#.##0.215.70:23
- 11#.##5.38.212:23
- 13#.##.30.183:23
- 73.##.149.254:23
- 10#.##1.193.173:23
- 89.###.58.111:23
- 86.##4.33.34:23
- 22#.##.253.221:23
- 16#.##2.183.11:23
- 41.###.191.153:23
- 11#.##.16.213:23
- 16#.##9.19.177:23
- 10#.##.154.232:23
- 20#.##5.141.186:23
- 17#.##.59.187:23
- 14#.##.189.86:23
- 12#.##.191.122:23
- 18#.##.238.66:23
- 13.##.105.169:23
- 21#.##6.10.41:23
- 70.###.247.130:23
- 22#.##6.144.8:23
- 16.###.143.192:23
- 17#.##8.89.27:23
- 85.###.154.114:23
- 13#.##4.49.73:23
- 11#.##3.233.91:23
- 21#.##6.87.141:23
- 93.##1.94.82:23
- 25#.#.196.219:23
- 66.###.122.145:23
- 21#.##7.208.102:23
- 11#.##.231.190:23
- 15.###.157.132:23
- 18.##.96.209:23
- 25#.##5.127.172:23
- 21#.#.95.143:23
- 4.###.123.97:23
- 17.##.113.202:23
- 23#.##.16.191:23
- 21#.##0.204.200:23
- 9.##.105.2:23
- 10#.##2.164.250:23
- 23#.##.145.113:23
- 92.##.151.25:23
- 13.##7.30.30:23
- 52.###.15.151:23
- 11#.##0.228.9:23
- 23#.##8.203.16:23
- 19#.##.107.29:23
- 12#.##.149.252:23
- 17#.##4.158.182:23
- 72.##.46.208:23
- 95.###.115.155:23
- 35.##.86.164:23
- 5.###.56.4:23
- 24.###.127.116:23
- 13#.##1.154.76:23
- 11#.##.129.90:23
- 16#.##.14.212:23
- 24#.##7.156.122:23
- 12#.##2.17.219:23
- 17#.##8.60.195:23
- 21#.#2.41.24:23
- 15#.##.196.132:23
- 24#.##7.247.222:23
- 95.##.233.35:23
- 10#.##7.232.65:23
- 69.##.37.200:23
- 12#.##6.22.112:23
- 10#.##5.47.49:23
- 20#.##.196.96:23
- 18#.##1.107.204:23
- 25#.##.46.152:23
- 20#.#4.41.15:23
- 15#.##3.96.33:23
- 19#.#8.9.23:23
- 17.##.60.22:23
- 35.##2.219.8:23
- 39.###.86.208:23
- 17#.#1.22.74:23
- 84.###.77.187:23
- 19#.##.193.27:23
- 22#.##.200.203:23
- 78.##7.55.62:23
- 13#.##.221.212:23
- 15#.##3.167.59:23
- 33.#.62.43:23
- 77.###.179.153:23
- 33.#.107.169:23
- 13#.##6.218.224:23
- 12#.##.155.212:23
- 20#.##6.37.99:23
- 22.#.114.212:23
- 15#.##0.130.79:23
- 16#.##4.34.95:23
- 56.###.138.184:23
- 71.##.143.127:23
- 14#.##.85.111:23
- 84.##.94.247:23
- 16#.##4.182.74:23
- 44.##.21.200:23
- 65.##.127.100:23
- 92.###.248.16:23
- 34.##4.83.12:23
- 27.##.46.234:23
- 68.#.114.64:23
- 38.###.52.164:23
- 22#.##8.122.50:23
- 14#.##2.50.250:23
- 14#.##5.183.40:23
- 73.##.130.59:23
- 22.###.55.208:23
- 15#.##7.126.71:23
- 10#.##1.25.218:23
- 24#.##8.85.251:23
- 16#.##.243.215:23
- 11.##.68.37:23
Receives data from the following servers:
- 45.###.232.208:33335