La mia libreria
La mia libreria

+ Aggiungi alla libreria

Supporto
Supporto 24/7 | Regole per contattare

Richieste

Profile

Linux.Siggen.2426

Aggiunto al database dei virus Dr.Web: 2020-03-11

La descrizione è stata aggiunta:

Technical Information

Malicious functions:
Substitutes application name for:
  • t2hdnii6nfw1
Launches processes:
  • sh -c mkdir /htmdkr4aewmd/ && >/htmdkr4aewmd/htmdkr4aewmd && cd /htmdkr4aewmd/
  • mkdir /htmdkr4aewmd/
  • sh -c mv <SAMPLE_FULL_PATH> /htmdkr4aewmd/htmdkr4aewmd; chmod 777 /htmdkr4aewmd/htmdkr4aewmd
  • mv <SAMPLE_FULL_PATH> /htmdkr4aewmd/htmdkr4aewmd
  • chmod 777 /htmdkr4aewmd/htmdkr4aewmd
Performs operations with the file system:
Modifies file access rights:
  • /htmdkr4aewmd/htmdkr4aewmd
Creates folders:
  • /htmdkr4aewmd
Creates or modifies files:
  • /htmdkr4aewmd/htmdkr4aewmd
  • <SAMPLE_FULL_PATH>
Network activity:
Establishes connection:
  • 8.#.8.8:53
  • 94.###.57.241:1339
  • 43.###.31.172:26
  • 18#.##1.249.89:2223
  • 45.###.78.216:26
  • 45.##.233.123:26
  • 15#.##0.125.5:26
  • 10#.##4.95.174:2223
  • 14#.##.211.79:2223
  • 27.###.88.180:2223
  • 22#.##4.32.159:26
  • 22#.###.211.122:2223
  • 11#.##6.93.206:26
  • 15#.##.69.236:26
  • 10#.##.145.235:2223
  • 14#.###.195.213:2223
  • 37.###.130.100:2223
  • 13#.##0.144.20:26
  • 45.##.227.158:26
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Attacks using a special dictionary (brute-force technique) via an undefined protocol.
Sends data to the following servers:
  • 94.###.57.241:1339
  • 35.##.223.217:26
  • 85.###.207.164:2223
  • 60.###.72.27:2223
Receives data from the following servers:
  • 94.###.57.241:1339
  • 22#.###.211.122:2223

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number