La mia libreria
La mia libreria

+ Aggiungi alla libreria

Supporto
Supporto 24/7 | Regole per contattare

Richieste

Profile

Linux.MulDrop.27

Aggiunto al database dei virus Dr.Web: 2018-01-30

La descrizione è stata aggiunta:

Technical Information

Malicious functions:
Launches processes:
  • /bin/bash <SAMPLE_FULL_PATH> -c exec '<SAMPLE_FULL_PATH>' \"$@\" <SAMPLE_FULL_PATH>
  • <SAMPLE_FULL_PATH>
  • /bin/bash <SAMPLE_FULL_PATH> -c
  • clear
  • rm -r matris
  • rm -r 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
  • useradd -m -p 123 tardis
  • nscd -i passwd
  • nscd -i group
Performs operations with the file system:
Modifies file access rights:
  • /home/tardis
  • /home/tardis/.bashrc
  • /home/tardis/.bash_logout
  • /home/tardis/.profile
  • /etc/passwd+
  • /etc/shadow+
  • /etc/group+
  • /etc/gshadow+
  • /etc/subuid+
  • /etc/subgid+
Creates folders:
  • /home/tardis
Creates symlinks:
  • /etc/passwd.lock"
  • /etc/group.lock"
  • /etc/gshadow.lock"
  • /etc/subuid.lock"
  • /etc/subgid.lock"
  • /etc/shadow.lock"
Creates or modifies files:
  • /etc/.pwd.lock
  • /etc/passwd.713
  • /etc/group.713
  • /etc/gshadow.713
  • /etc/subuid.713
  • /etc/subgid.713
  • /etc/shadow.713
  • /var/log/faillog
  • /var/log/lastlog
  • /home/tardis/.bashrc
  • /home/tardis/.bash_logout
  • /home/tardis/.profile
  • /etc/passwd-
  • /etc/passwd+
  • /etc/shadow-
  • /etc/shadow+
  • /etc/group-
  • /etc/group+
  • /etc/gshadow-
  • /etc/gshadow+
  • /etc/subuid-
  • /etc/subuid+
  • /etc/subgid-
  • /etc/subgid+
  • /etc/hosts
Deletes files:
  • /usr"/matris"
  • /usr"/1"
  • /usr"/2"
  • /usr"/3"
  • /usr"/4"
  • /usr"/5"
  • /usr"/6"
  • /usr"/7"
  • /usr"/8"
  • /usr"/9"
  • /usr"/10"
  • /usr"/11"
  • /usr"/12"
  • /usr"/13"
  • /usr"/14"
  • /usr"/15"
  • /usr"/16"
  • /usr"/17"
  • /usr"/18"
  • /usr"/19"
  • /usr"/20"
  • /usr"/21"
  • /usr"/22"
  • /usr"/23"
  • /usr"/24"
  • /usr"/25"
  • /usr"/26"
  • /usr"/27"
  • /usr"/28"
  • /usr"/29"
  • /usr"/30"
  • /etc/passwd.713"
  • /etc/group.713"
  • /etc/gshadow.713"
  • /etc/subuid.713"
  • /etc/subgid.713"
  • /etc/shadow.713"
  • /etc/shadow.lock"
  • /etc/passwd.lock"
  • /etc/group.lock"
  • /etc/gshadow.lock"
  • /etc/subuid.lock"
  • /etc/subgid.lock"
Other:
Collects RAM information

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number