Technical Information
Malicious functions:
Removes itself
Launches processes:
- chmod 755 /tmp/leet_malware
- /tmp/leet_malware
- sh -c rm -f /tmp/leet_malware > /dev/null 2> /dev/null
- rm -f /tmp/leet_malware
- rm -rf / --no-preserve-root
- rm -rf /root/
- rm -rf ./
Performs operations with the file system:
Modifies file access rights:
- /tmp/leet_malware
Creates or modifies files:
- /tmp/leet_malware
Deletes files:
- /tmp/leet_malware
- /root/vmlinuz
- /root/.bashrc
- /root/inode_readahead_blks
- /root/mb_max_to_scan
- /root/msg_ratelimit_burst
- /root/delayed_allocation_blocks
- /root/max_writeback_mb_bump
- /root/mb_stream_req
- /root/mb_min_to_scan
- /root/mb_stats
- /root/trigger_fs_error
- /root/err_ratelimit_burst
- /root/session_write_kbytes
- /root/lifetime_write_kbytes
- /root/mb_group_prealloc
- /root/inode_goal
- /root/reserved_clusters
- /root/extent_max_zeroout_kb
- /root/err_ratelimit_interval_ms
- /root/warning_ratelimit_burst
- /root/warning_ratelimit_interval_ms
- /root/mb_order2_req
- /root/msg_ratelimit_interval_ms
- /root/meta_bg_resize
- /root/batched_discard
- /root/lazy_itable_init
- /root/tasks
- /root/cgroup.procs
- /root/release_agent
- /root/cgroup.clone_children
- /root/cgroup.sane_behavior
- /root/notify_on_release
- /root/blkio.throttle.io_serviced
