Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
- [watchdog]
Kills system processes:
- sshd
Kills the following processes:
- run.sh
Network activity:
Awaits incoming connections on ports:
- 0.0.0.0:34685
Establishes connection:
- 8.#.8.8:53
- 34.##.200.3:1111
- 34.##.200.3:1112
Sends data to the following servers:
- 11#.##2.25.135:23
- 19#.##3.112.166:23
- 14#.##7.142.248:23
- 16#.##.182.166:23
- 13#.##2.50.221:23
- 22#.##.10.133:23
- 19#.##7.160.239:23
- 18#.#30.32.7:23
- 17#.##2.6.141:23
- 18#.##.198.127:23
- 52.###.179.59:23
- 19#.##.177.59:23
- 10#.##.212.153:23
- 18#.##6.73.195:23
- 22#.##0.90.46:23
- 32.###.136.12:23
- 11#.##3.103.167:23
- 60.##.108.229:23
- 22#.##1.16.195:23
- 14#.##0.96.16:23
- 12.###.150.33:23
- 78.###.67.231:23
- 20#.##.52.115:23
- 12.##5.94.0:23
- 13.##.245.83:23
- 14#.##8.25.192:23
- 10#.##1.61.150:23
- 11#.##2.205.72:23
- 16#.##2.206.195:23
- 88.###.96.209:23
- 42.##.124.196:23
- 78.###.123.173:23
- 37.###.198.64:23
- 11#.##.75.213:23
- 15#.#.253.180:23
- 17#.##5.38.79:23
- 98.###.221.248:23
- 74.##.121.157:23
- 17#.##.71.171:23
- 17.##.197.73:23
- 18#.##2.130.140:23
- 14#.##3.216.126:23
- 18#.##.130.159:23
- 44.###.40.189:23
- 12#.##.115.211:23
- 17#.##6.181.127:23
- 59.##.92.187:23
- 70.##9.38.26:23
- 20#.##1.118.197:23
- 14#.##5.109.11:23
- 17#.##2.113.251:23
- 17#.##.135.167:23
- 21#.##.226.12:23
- 13#.##2.163.205:23
- 17.###.88.170:23
- 18#.##8.103.142:23
- 13#.##0.221.24:23
- 22#.##5.54.18:23
- 31.###.59.184:23
- 21#.##.128.36:23
- 11#.#3.98.9:23
- 11#.##5.166.220:23
- 8.###.26.72:23
- 11#.##.193.113:23
- 20#.##.171.72:23
- 12#.##2.162.240:23
- 53.##.12.191:23
- 15#.##2.15.204:23
- 10#.##.162.211:23
- 13#.##3.139.30:23
- 58.##4.94.53:23
- 23.##0.46.39:23
- 74.##6.20.93:23
- 18#.##.156.227:23
- 16#.##.186.255:23
- 21#.##2.65.255:23
- 17#.##4.19.241:23
- 79.###.102.169:23
- 17#.##3.234.171:23
- 17#.##1.61.226:23
- 21#.##2.173.239:23
- 77.###.226.83:23
- 10#.#3.85.63:23
- 27.###.199.115:23
- 86.##4.2.254:23
- 98.###.155.125:23
- 80.##.37.79:23
- 15#.##8.229.250:23
- 34.##.200.3:1111
- 4.###.69.153:23
- 5.###.18.168:23
- 21#.##.243.201:23
- 60.###.140.51:23
- 18#.##8.25.199:23
- 10#.##7.182.94:23
- 14#.##6.95.109:23
- 17#.##0.127.247:23
- 36.###.221.67:23
- 45.###.103.151:23
- 98.###.154.105:23
- 19.##.161.234:23
- 61.##.255.98:23
- 20#.#.214.51:23
- 86.###.250.43:23
- 23.#.84.16:23
- 99.##.99.164:23
- 18#.##9.217.194:23
- 10#.##.43.152:23
- 68.##.78.78:23
- 53.##.32.26:23
- 11#.##.89.215:23
- 19#.##.174.80:23
- 17#.##2.244.51:23
- 17.##4.13.55:23
- 21#.##0.78.12:23
- 17#.##.36.124:23
- 11#.##0.40.197:23
- 16#.##2.144.165:23
- 9.###.247.163:23
- 80.###.189.111:23
- 21#.#1.2.222:23
- 65.##.6.194:23
- 19#.##8.51.155:23
- 13#.#.125.133:23
- 41.#.78.200:23
- 40.##5.71.34:23
- 50.##.222.208:23
- 34.###.200.12:23
- 14#.##.100.247:23
- 16#.##7.248.209:23
- 19#.##5.102.216:23
- 10#.##7.238.70:23
- 13.###.248.232:23
- 23.###.120.123:23
- 85.##.77.21:23
- 54.###.48.253:23
- 16#.##0.225.21:23
- 21#.#34.92.5:23
- 13#.##2.193.63:23
- 60.###.219.218:23
- 17#.#1.62.24:23
- 12#.##6.181.24:23
- 89.###.218.102:23
- 93.##.184.231:23
- 52.##.9.39:23
- 21#.##.229.253:23
- 70.###.206.73:23
- 53.##2.97.83:23
- 14#.##.71.140:23
- 10#.##1.194.211:23
- 13#.##5.219.244:23
- 2.###.165.182:23
- 13#.##3.226.158:23
- 68.###.116.247:23
- 19#.##5.67.223:23
- 10#.##6.9.255:23
- 10#.#.189.42:23
- 17#.##9.164.132:23
- 18#.##.228.252:23
- 20#.##3.114.155:23
- 75.###.76.135:23
- 92.##.236.208:23
- 9.##.239.125:23
- 31.###.113.38:23
- 15#.##.133.61:23
- 62.##.183.92:23
- 14#.##7.136.229:23
- 13#.##4.130.10:23
- 18#.##4.74.47:23
- 66.###.48.217:23
- 16#.##.149.135:23
- 89.###.245.205:23
- 94.##.6.17:23
- 13.###.220.224:23
- 19#.##6.197.124:23
- 15#.##.235.191:23
- 18#.##6.79.14:23
- 20#.##.195.148:23
- 74.#.218.238:23
- 16#.##5.127.163:23
- 25.##.131.171:23
- 8.###.31.57:23
- 20#.##.100.204:23
- 14#.##1.119.61:23
- 63.###.88.195:23
- 18#.##9.222.10:23
- 76.##.148.154:23
- 79.###.70.178:23
- 19#.##0.240.135:23
- 85.#.142.12:23
- 86.###.130.121:23
- 19#.##4.116.203:23
- 18#.##3.13.194:23
- 10#.##6.149.254:23
- 5.##.89.50:23
- 90.###.161.104:23
- 14#.##3.15.10:23
- 19#.##.238.86:23
- 15#.##9.135.152:23
- 15#.##3.103.75:23
- 16#.##6.126.25:23
- 8.#.#18.26:23
- 11#.##.172.158:23
- 10#.##0.89.100:23
- 18#.##1.23.234:23
- 19#.##8.60.12:23
- 79.##.47.107:23
- 89.###.173.200:23
- 10#.##5.55.171:23
- 13#.##6.217.207:23
- 31.###.225.110:23
- 15#.##2.133.245:23
- 14#.##2.158.100:23
- 16#.##.143.148:23
- 18#.##.184.213:23
- 20#.##4.154.93:23
- 52.##.255.215:23
- 19#.##6.86.183:23
- 11#.##7.184.59:23
- 13#.##3.136.60:23
Receives data from the following servers:
- 34.##.200.3:1111
