Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- wvx50n0ql9zf59
Performs operations with the file system:
Creates or modifies files:
- <SAMPLE_FULL_PATH>
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:8888
Establishes connection:
- 8.#.8.8:53
- 18#.##.138.97:2231
HTTP GET requests:
- http://##.##.4.51login.cgi
Sends data to the following servers:
- 58.##.38.4:8081
- 34.###.25.15:9997
- 13#.##.132.53:8081
- 14#.##0.251.44:8090
- 17#.##.63.98:8090
- 16#.###.184.133:8080
- 23#.##8.218.79:8081
- 87.##.16.240:82
- 75.##.161.152:9997
- 89.##.230.219:8081
- 19#.##3.5.176:8181
- 17#.##.113.95:8181
- 16.###.9.62:8081
- 77.#.159.98:82
- 17#.##6.153.203:81
- 45.#.#44.105:9997
- 12#.###.150.172:8181
- 75.###.79.232:9997
- 10#.#2.3.224:81
- 10#.#.163.151:9997
- 21#.##.179.74:80
- 22#.##7.225.134:443
- 19#.##8.93.239:8081
- 24.###.68.135:80
- 35.##.97.214:443
- 44.###.63.147:8181
- 20#.##2.172.76:8081
- 25.###.244.229:9997
- 9.##.15.169:81
- 6.##.#5.196:8181
- 20#.##.40.58:8080
- 69.###.135.151:443
- 21#.##.250.56:8080
- 59.###.46.83:8081
- 12#.##7.79.121:81
- 10#.###.172.167:8181
- 82.##.147.68:80
- 77.###.204.197:9997
- 24#.##4.113.230:443
- 10#.###.155.113:8081
- 14#.##2.107.42:80
- 12#.##7.162.178:82
- 20.###.241.109:9997
- 12#.#.160.177:8090
- 10#.#.113.42:82
- 10#.##1.3.12:8181
- 22#.##5.103.15:443
- 51.###.166.246:8090
- 19#.##5.128.12:9997
- 10#.##1.44.46:81
- 12#.##.249.11:81
- 48.###.182.103:80
- 16#.##.60.237:82
- 11#.##0.252.170:82
- 13.##.112.19:8090
- 24#.##.47.156:9997
- 21#.##.208.242:8081
- 96.###.44.106:9997
- 18#.##8.77.41:82
- 18#.##.138.97:2231
- 24#.##3.20.59:8181
- 29.###.133.78:81
- 25#.###.138.213:9997
- 18#.##.233.140:81
- 93.###.46.147:81
- 17#.#6.65.85:80
- 98.###.5.98:8081
- 5.##.#56.209:8181
- 10#.##.27.127:9997
- 80.###.90.23:443
- 19#.#.108.189:8081
- 20#.#5.11.71:82
- 52.###.158.221:8181
- 19#.##.162.48:82
- 17#.##7.3.210:8090
- 10#.###.160.161:8090
- 13#.##0.83.47:81
- 1.###.105.161:8081
- 10#.##.198.132:9997
- 52.###.171.121:8081
- 24#.###.149.145:8090
- 16#.##5.127.74:80
- 18#.##.182.206:8080
- 95.##.71.182:8081
- 78.##.43.185:8080
- 30.###.138.27:8181
- 10#.##0.174.117:443
- 12.###.17.234:8081
- 15#.##4.219.83:81
- 15.##.170.244:9997
- 17#.##1.45.171:8080
- 86.##4.48.82:82
- 72.###.219.157:443
- 10#.##.250.143:8090
- 74.##.60.18:9997
- 12#.##5.23.69:9997
- 11#.##8.236.145:82
- 18#.##.253.63:81
- 55.###.167.189:82
- 12#.#.244.116:443
- 15#.##0.8.101:443
- 8.##.#37.239:8081
- 3.###.67.100:8081
- 78.##.112.218:8090
- 49.###.138.190:443
- 23#.##.44.175:8081
- 21#.##8.112.77:8181
- 93.##9.18.17:81
- 73.###.121.101:80
- 10.###.195.201:80
- 15#.##1.83.120:443
- 20#.#.2.179:8090
- 10#.##6.119.218:82
- 10#.##.137.24:82
- 40.##.238.244:443
- 25.##.83.75:81
- 78.###.123.158:8181
- 71.##.176.153:80
- 23.###.24.104:9997
- 19#.##8.208.6:81
- 11#.##0.63.36:9997
- 22#.###.206.121:8081
- 13#.##2.22.68:82
- 12#.###.153.228:8090
- 69.##.196.28:8181
- 18#.##2.67.120:81
- 12#.###.226.134:8090
- 48.##3.249.1:82
- 13#.###.251.109:8081
- 15#.##5.241.68:8090
- 54.##.148.8:81
- 54.#.161.58:81
- 61.##.169.116:8081
- 22#.##7.128.242:80
- 2.###.174.192:81
- 20#.##2.56.190:8080
- 91.##.95.205:80
- 5.##.85.156:443
- 20#.##2.160.82:8090
- 34.###.122.248:8181
- 23#.##.54.154:81
- 20#.#.92.150:8181
- 16#.##0.18.227:8090
- 21#.##.35.109:8090
- 20#.###.240.224:8181
- 10#.##.214.156:443
- 15#.##3.37.9:8081
- 59.###.74.109:81
- 20#.##.45.231:8080
- 11.##.72.10:8090
- 21#.##0.121.253:82
- 11#.##2.188.24:8080
- 11#.##8.1.192:82
- 12#.##.154.128:9997
- 37.##.250.109:8081
- 19.###.81.226:443
- 18#.##5.69.6:8080
- 21#.##4.247.27:443
- 22#.###.243.127:9997
- 10#.##9.72.222:9997
- 40.###.185.165:443
- 25.##.168.127:443
- 59.###.161.131:80
- 70.##.21.22:443
- 23#.#9.1.223:82
- 17#.##4.43.152:8090
- 40.###.235.28:8090
- 15#.##.211.250:81
- 17#.##1.83.193:8080
- 21#.##0.24.203:8080
- 40.##.203.47:81
- 99.##.247.170:8090
- 14#.##8.99.10:8081
- 19#.##7.15.40:443
- 21#.##.249.141:8080
- 24.#.115.209:81
- 23#.##.232.195:8081
- 13#.##7.78.81:443
- 12#.##.118.122:8081
- 15#.##6.77.189:8181
- 1.###.185.98:82
- 23#.###.151.113:8080
- 17#.##1.226.19:8080
- 13#.##9.187.94:8080
- 13#.##.117.35:8081
- 83.##.92.40:8090
- 62.###.141.245:8090
- 18#.##5.251.41:82
- 34.##.8.4:443
- 20#.##9.38.209:9997
- 37.###.234.8:8081
- 22#.##8.89.106:81
- 82.###.88.211:8090
- 17#.###.176.231:9997
- 12#.##2.226.35:80
- 79.###.191.170:8081
- 52.###.101.157:8080
- 26.###.131.47:9997
- 18.##.171.212:8081
- 16#.##.83.5:8181
- 10#.##1.39.59:81
- 52.###.73.124:9997
- 20#.##.236.187:9997
- 14#.##.151.180:81
- 16#.##.147.181:8181
- 98.##.146.61:9997
- 50.##.22.98:81
- 18#.##6.192.249:80
- 96.###.36.208:81
- 39.#.102.111:80
- 15#.#45.9.63:81
- 94.###.210.121:80
- 17#.##.143.22:8090
- 11#.#54.0.7:80
- 75.##.71.197:443
- 74.##.144.221:8181
- 44.##.159.9:8080
- 15#.##5.179.0:80
- 17#.##.192.134:81
- 94.##.43.211:8181
- 32.###.205.125:81
- 10#.###.100.252:8080
- 43.##.84.215:443
- 25.###.47.169:80
- 15.###.115.32:82
- 24#.###.156.114:8081
- 14#.##.71.22:8081
- 18#.##.3.80:9997
- 22#.#.160.240:81
- 21#.##6.216.2:81
- 53.###.246.67:81
- 22#.##0.112.13:443
- 24#.##.118.170:9997
- 24.###.247.117:9997
- 7.###.41.6:8090
- 83.###.227.137:8080
- 10#.##0.87.36:8080
- 10#.##9.25.249:80
- 85.###.117.231:8080
- 18#.##8.123.96:8080
