Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
- [md]
Kills the following processes:
- atd
- cron
- rpc.idmapd
- <SAMPLE>
Network activity:
Awaits incoming connections on ports:
- 0.0.0.0:55321
Establishes connection:
- 19#.###.239.183:3000
- 19#.##0.239.183:335
- 8.#.8.8:53
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 19#.##0.239.183:0
- 19#.##0.239.183:335
- 89.##3.175.8:23
- 15#.##5.211.213:23
- 38.##5.94.98:23
- 21#.##0.51.197:23
- 13#.##5.215.167:23
- 15#.##5.9.199:23
- 17#.#.246.74:23
- 17.##.187.249:23
- 84.###.209.39:23
- 35.##.52.8:23
- 80.###.179.163:23
- 8.###.148.199:23
- 13#.##2.14.200:23
- 11#.##0.123.131:23
- 13#.##.177.118:23
- 54.##.61.18:23
- 11#.##.174.21:23
- 67.##.156.51:23
- 2.###.31.154:23
- 12#.##2.34.21:23
- 14#.##0.252.83:23
- 91.##.248.16:23
- 20#.##2.46.68:23
- 86.###.208.185:23
- 37.###.136.56:23
- 18#.##.124.131:23
- 14#.#9.9.108:23
- 12#.##.255.254:23
- 14#.##.234.167:23
- 11#.##2.49.115:23
- 14#.##.144.93:23
- 12#.##.236.146:23
- 8.###.209.166:23
- 13#.##4.158.106:23
- 19#.##.176.46:23
- 18#.##3.255.219:23
- 38.##7.80.79:23
- 17#.#48.9.41:23
- 13#.##0.12.129:23
- 77.#.176.29:23
- 54.##.150.77:23
- 20#.##5.246.150:23
- 48.##.165.119:23
- 18#.##5.83.142:23
- 64.##.182.65:23
- 79.##.252.114:23
- 20#.##8.105.0:23
- 12#.##0.135.49:23
- 19#.#.128.219:23
- 16#.#.206.183:23
- 16#.#8.165.3:23
- 18.#.229.36:23
- 84.###.225.236:23
- 65.###.199.210:23
- 19#.##7.226.161:23
- 54.##.84.189:23
- 93.###.133.155:23
- 11#.#74.70.5:23
- 14#.##5.201.56:23
- 58.###.134.252:23
- 5.##.251.115:23
- 21#.##.46.101:23
- 69.###.12.106:23
- 11#.##5.61.37:23
- 18#.##8.198.219:23
- 17#.##.211.131:23
- 13#.##6.46.233:23
- 13#.##.239.225:23
- 18#.#78.40.5:23
- 45.##.145.18:23
- 17#.##3.240.158:23
- 65.##.206.152:23
- 31.##.188.183:23
- 59.##.65.133:23
- 25.##.126.131:23
- 19#.##.137.79:23
- 19#.#8.78.63:23
- 16#.##1.191.126:23
- 13#.##2.226.53:23
- 13#.#6.17.10:23
- 16#.##.107.62:23
- 14#.##.229.121:23
- 19#.##5.246.72:23
- 88.###.94.200:23
- 16#.#5.44.62:23
- 65.###.160.192:23
- 45.##2.9.227:23
- 52.###.204.87:23
- 19.##.177.197:23
- 17.##.5.3:23
- 20#.##.142.242:23
- 74.##.210.207:23
- 13#.##1.101.53:23
- 58.###.145.230:23
- 9.###.243.250:23
- 35.##.234.212:23
- 45.##.184.87:23
- 93.###.80.250:23
- 15#.##.253.238:23
- 18#.##3.136.211:23
- 27.##.160.164:23
- 12#.##.246.225:23
- 12#.##2.206.140:23
- 20#.##9.155.152:23
- 97.###.253.21:23
- 61.##.69.146:23
- 10#.#.33.199:23
- 18.###.13.133:23
- 18#.##.123.128:23
- 27.###.129.232:23
- 20#.##9.89.148:23
- 99.##.105.119:23
- 18#.##2.222.217:23
- 92.###.21.233:23
- 60.##.14.29:23
- 49.###.82.152:23
- 10#.##3.95.91:23
- 35.##.61.215:23
- 13#.##.206.219:23
- 75.##.49.57:23
- 12#.##7.233.0:23
- 22#.##.240.126:23
- 22#.#39.7.87:23
- 24.###.178.119:23
- 13#.##4.121.210:23
- 10#.##4.253.103:23
- 73.##.131.132:23
- 45.###.241.57:23
- 95.##5.33.39:23
- 15#.##.198.25:23
- 99.##.93.74:23
- 13#.##.223.106:23
- 12#.##6.199.208:23
- 18#.##7.74.103:23
- 50.###.203.57:23
- 16#.##.113.12:23
- 69.###.38.144:23
- 13#.##2.208.173:23
- 16#.##.80.164:23
- 18#.##.124.55:23
- 61.##.248.212:23
- 12#.##8.78.56:23
- 4.###.223.175:23
- 12#.##.157.150:23
- 18#.##3.82.34:23
- 12#.##.118.44:23
- 34.###.41.156:23
- 10#.##7.134.52:23
- 69.###.74.164:23
- 14#.##8.208.217:23
- 14#.##2.248.180:23
- 12#.##0.64.14:23
- 10#.##1.105.181:23
- 51.##.113.243:23
- 83.###.200.29:23
- 97.###.227.226:23
- 49.###.109.94:23
- 18#.##5.215.55:23
- 14#.##0.211.20:23
- 10#.#9.74.29:23
- 18#.##.217.150:23
- 18#.##.128.23:23
- 69.###.75.224:23
- 61.###.234.86:23
- 17#.##.52.149:23
- 81.###.245.254:23
- 18#.##8.228.210:23
- 66.###.137.89:23
- 15#.##6.205.170:23
- 17#.##.217.68:23
- 1.##.1.163:23
- 11#.##.175.98:23
- 73.##.83.2:23
- 23.###.210.51:23
- 15#.##2.104.195:23
- 54.###.248.43:23
- 70.##.101.44:23
- 17#.##4.252.90:23
- 43.##2.17.19:23
- 42.###.177.154:23
- 58.###.117.147:23
- 12#.#.92.148:23
- 14#.##0.123.248:23
- 13.###.200.252:23
- 45.###.57.181:23
- 10#.##.119.130:23
- 8.###.61.126:23
- 16#.##6.89.85:23
- 20#.##7.238.98:23
- 11#.##.54.190:23
- 16#.#5.30.0:23
- 70.###.177.99:23
- 88.###.197.20:23
- 18#.##7.168.93:23
- 10#.##.88.190:23
- 12#.##3.102.208:23
- 20#.#.38.173:23
- 18#.##.38.227:23
- 27.##.215.249:23
- 17#.##.205.137:23
- 22#.##2.124.202:23
- 19#.#.74.214:23
- 53.##.77.231:23
- 68.###.155.108:23
- 19#.##.196.103:23
- 17#.##6.115.189:23
- 94.##8.46.88:23
- 42.##.61.96:23
- 12#.##1.191.8:23
- 64.##.233.155:23
- 12#.##6.156.248:23
- 19#.##2.255.23:23
- 14#.##.34.110:23
- 17#.##1.16.68:23
- 58.##.176.93:23
- 4.###.229.100:23
- 58.##.88.129:23
- 11#.##9.128.175:23
- 14#.#6.23.69:23
- 10#.##2.86.64:23
- 17#.##6.158.130:23
- 20#.##.184.98:23
- 13#.##.225.99:23
- 13#.##.90.130:23
- 17#.##5.34.152:23
- 8.###.249.79:23
- 13#.##3.165.129:23
- 19.##9.59.57:23
- 10#.#2.44.54:23
- 10#.##3.115.167:23
- 18#.#4.27.21:23
- 14#.##3.152.208:23
- 19#.##8.67.203:23
- 19#.##.131.110:23
- 10#.##.191.181:23
- 44.##.172.51:23
- 21#.##.237.116:23
- 20#.##3.242.219:23
- 14#.##8.84.114:23
- 14#.##.207.131:23
- 16#.##9.118.57:23
- 21#.##0.223.111:23
- 39.##7.98.16:23
- 61.###.189.44:23
- 18.#.41.128:23
- 13#.##0.30.79:23
- 12#.##.206.235:23
- 13#.##3.38.15:23
- 13#.##9.9.232:23
- 8.###.27.64:23
- 35.###.220.231:23
- 64.##6.18.84:23
- 67.##.205.220:23
- 20#.##.233.43:23
- 13#.##9.49.31:23
- 18#.##1.250.61:23
- 17#.#1.81.6:23
- 11#.##.165.64:23
- 21#.##.40.215:23
- 20#.##2.177.77:23
- 47.##.187.143:23
- 12#.##7.178.175:23
- 10#.##4.228.72:23
- 68.###.192.71:23
- 10#.##.22.176:23
- 18#.##.229.59:23
- 21#.##7.40.162:23
- 44.###.127.99:23
- 19#.##9.67.121:23
- 11#.##2.218.176:23
- 13#.##2.193.53:23
- 14#.##.83.152:23
- 21#.##5.144.7:23
- 48.###.174.53:23
- 11#.##5.15.125:23
- 19#.#15.46.7:23
- 50.###.135.243:23
- 1.##.104.75:23
- 17.###.133.119:23
- 46.###.46.200:23
- 16#.##.235.13:23
- 9.###.51.156:23
- 15#.##7.42.13:23
- 22#.##7.216.42:23
- 18#.##4.67.254:23
- 82.##2.14.54:23
- 4.##.141.144:23
- 14#.##.148.244:23
- 71.###.116.69:23
- 15#.#8.54.23:23
- 16#.##.127.165:23
- 19.##.199.220:23
- 19#.#.51.13:23
- 46.##.176.62:23
- 19#.#8.83.42:23
- 60.#.49.4:23
- 19#.#.202.194:23
- 91.###.138.147:23
- 10#.##3.70.199:23
- 12#.##.79.186:23
- 15#.#10.6.30:23
- 19#.#0.27.51:23
- 19#.##.66.214:23
- 14#.##3.175.22:23
- 59.###.185.42:23
- 11#.##.184.75:23
- 37.##1.88.69:23
- 13#.#3.89.79:23
- 16#.##9.139.85:23
- 92.##.20.85:23
- 12#.##0.236.106:23
- 46.##.86.244:23
- 42.##.136.57:23
- 20#.#.58.157:23
- 34.##2.204.6:23
- 15#.##.236.23:23
- 44.###.66.191:23
- 97.###.75.127:23
- 20#.#.242.222:23
- 11#.##3.173.149:23
- 15#.##0.70.226:23
- 19.##.236.81:23
- 18#.##5.27.37:23
- 91.###.229.17:23
- 14#.##.252.200:23
- 17#.##.116.24:23
- 15#.##5.222.147:23
- 19#.##.177.16:23
- 18#.##.17.236:23
- 21#.##.181.230:23
- 34.###.251.104:23
- 19#.##9.171.5:23
- 22#.##4.230.129:23
- 17#.##1.121.50:23
- 68.###.171.137:23
- 46.##.232.63:23
- 15#.#5.25.34:23
Receives data from the following servers:
- 19#.##0.239.183:335
