La mia libreria
La mia libreria

+ Aggiungi alla libreria

Supporto
Supporto 24/7 | Regole per contattare

Richieste

Profile

Linux.Packed.943

Aggiunto al database dei virus Dr.Web: 2020-10-03

La descrizione è stata aggiunta:

Technical Information

Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
  • eeslnhnd3xivtvevajqu
Kills the following processes:
  • <SAMPLE>
Network activity:
Awaits incoming connections on ports:
  • 19#.##8.214.50:3467
Establishes connection:
  • 8.#.8.8:53
  • 5.###.227.140:4321
  • 5.###.227.140:7685
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
  • 5.###.227.140:7685
  • 0.0.0.0:0
  • 5.###.227.140:4321
  • 10#.##2.82.119:23
  • 8.###.205.117:23
  • 13#.##0.229.13:23
  • 89.###.204.102:23
  • 21#.##.189.186:23
  • 60.###.77.167:23
  • 49.##.43.0:23
  • 98.###.44.228:23
  • 14#.##2.166.192:23
  • 16#.##8.173.126:23
  • 12#.#52.87.0:23
  • 16#.##2.24.115:23
  • 69.###.175.134:23
  • 15.##9.74.34:23
  • 21#.#0.15.2:23
  • 19#.##.110.140:23
  • 25#.##6.82.37:23
  • 27.###.195.181:23
  • 24#.##2.199.231:23
  • 10.#.167.19:23
  • 71.###.51.145:23
  • 74.###.111.208:23
  • 57.###.146.84:23
  • 38.###.169.197:23
  • 12#.##.144.252:23
  • 14#.##3.215.156:23
  • 13.##5.7.118:23
  • 65.###.216.119:23
  • 44.##.147.209:23
  • 2.##.193.62:23
  • 16.###.51.221:23
  • 11#.##1.228.76:23
  • 85.#.32.188:23
  • 14#.##1.94.201:23
  • 23#.##5.74.202:23
  • 15#.##5.44.121:23
  • 18#.#.168.121:23
  • 92.###.51.214:23
Receives data from the following servers:
  • 5.###.227.140:7685
  • 5.###.227.140:4321

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number