Linux.Packed.941

Added to the Dr.Web virus database: 2020-10-02

Virus description added:

Technical Information

Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
  • vc0042ilbjzobyk4zw5qn
Network activity:
Awaits incoming connections on ports:
  • 19#.##8.214.50:3467
Establishes connection:
  • 8.#.8.8:53
  • 5.###.227.140:4321
  • 5.###.227.140:7685
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
Receives data from the following servers:
  • 5.###.227.140:7685
  • 5.###.227.140:4321

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
