Technical Information
Malicious functions:
Gains root privileges
Launches processes:
- sh -c ping -c 4 194.186.207.182 > Ping.log
- ping -c 4 194.186.207.182
- sh -c ifconfig -a > IFConfig.log
- ifconfig -a
- sh -c cp /usr/lib/Amicon_ip-client/log/* ./ > /dev/null
- cp /usr/lib/Amicon_ip-client/log/* ./
- sh -c cp /var/log/dpkg.log ./ > /dev/null
- cp /var/log/dpkg.log ./
- sh -c cp /var/log/dmesg ./ > /dev/null
- cp /var/log/dmesg ./
- sh -c cp /var/log/kern.log ./ > /dev/null
- cp /var/log/kern.log ./
- sh -c zip -mr ./CliDiagn.zip ./CliDiagn > /dev/null
- zip -mr ./CliDiagn.zip ./CliDiagn
Performs operations with the file system:
Modifies file access rights:
- /root/CliDiagn.zip
Creates folders:
- /root/CliDiagn
Deletes folders:
- /root/CliDiagn
Creates or modifies files:
- /root/CliDiagn/Ping.log
- /root/CliDiagn/IFConfig.log
- /root/CliDiagn/dpkg.log
- /root/CliDiagn/dmesg
- /root/CliDiagn/kern.log
- /root/CliDiagn.zip
- /root/zi5v2hOU
Deletes files:
- /root/CliDiagn.zip
- /root/CliDiagn/dmesg
- /root/CliDiagn/kern.log
- /root/CliDiagn/IFConfig.log
- /root/CliDiagn/Ping.log
- /root/CliDiagn/dpkg.log
Network activity:
Establishes connection:
- 19#.###.207.182:1025
Sends data to the following servers:
- 19#.##6.207.182:0
