Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- [kswapd0]
Performs operations with the file system:
Creates or modifies files:
- <SAMPLE_FULL_PATH>
Network activity:
Awaits incoming connections on ports:
- 19#.##8.218.50:3467
Establishes connection:
- 8.#.8.8:53
- 37.##.150.53:7685
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 37.##.150.53:7685
- 0.0.0.0:0
- 1.###.238.142:23
- 17#.##.229.242:23
- 18#.##1.199.153:23
- 95.##.91.41:23
- 19#.##3.222.101:23
- 17#.##3.157.224:23
- 15#.##1.76.30:23
- 13#.##.86.214:23
- 73.##.118.242:23
- 24#.##.156.20:23
- 23#.##.36.155:23
- 56.###.119.132:23
- 22#.##3.196.86:23
- 98.###.69.141:23
- 19#.##0.65.154:23
- 25#.##8.83.67:23
- 20#.##6.159.56:23
- 16#.##7.244.59:23
- 17#.##3.170.138:23
- 25#.##9.221.54:23
- 12#.##.40.127:23
- 45.##.10.35:23
- 25.##1.64.93:23
- 42.##.162.135:23
- 22#.#.145.226:23
- 21#.##.164.251:23
- 24.###.141.196:23
- 22#.##5.138.166:23
- 12#.##.227.186:23
- 10#.##.88.240:23
- 78.###.13.140:23
- 95.###.151.231:23
- 25#.##.224.183:23
- 49.###.197.171:23
- 12#.##2.233.47:23
- 18#.##.171.116:23
- 7.###.30.118:23
- 10#.##2.181.100:23
- 20.###.111.194:23
- 19#.##.138.11:23
- 83.##.10.113:23
- 97.###.171.209:23
- 23#.##.28.125:23
- 18#.##8.80.139:23
- 24#.##4.217.146:23
- 94.###.89.247:23
- 21.###.125.68:23
- 14#.##2.71.17:23
- 5.##.214.141:23
- 81.###.111.127:23
- 20#.#98.94.0:23
- 22#.##9.243.30:23
- 18#.##3.177.143:23
- 10#.##.58.200:23
- 12#.#.212.58:23
- 17.##.81.28:23
- 98.##.81.60:23
- 33.##.122.197:23
- 23#.##2.59.17:23
- 15#.##0.240.215:23
- 41.##.119.9:23
- 27.##.169.121:23
- 16.##8.4.52:23
- 12#.##4.34.208:23
- 21#.#.176.145:23
- 19.###.103.62:23
- 18.#.195.72:23
- 58.###.168.227:23
- 18#.##0.139.187:23
- 21#.##.107.109:23
- 75.###.111.214:23
- 20#.##9.144.216:23
- 10#.#7.166.8:23
- 19#.##.163.113:23
- 24#.##.255.77:23
- 25#.##.226.124:23
- 78.##2.3.152:23
- 12#.##4.105.254:23
- 10#.##0.39.213:23
- 19#.##1.250.93:23
- 24#.##.217.87:23
- 27.###.138.62:23
- 23#.##8.250.254:23
- 17#.##2.223.173:23
- 23#.##1.220.194:23
- 86.##.101.76:23
- 16#.##5.10.214:23
- 19#.##.113.57:23
- 19#.##.219.119:23
- 24#.##.178.144:23
- 56.###.174.242:23
- 15#.#.95.239:23
- 14#.##.185.38:23
- 17#.##1.162.196:23
- 12#.##.134.109:23
- 22#.##.11.236:23
- 14#.##.59.201:23
- 16#.#3.129.9:23
- 15.##.134.108:23
- 15#.##8.178.142:23
- 19#.##3.155.224:23
- 20#.##6.95.181:23
- 75.#.6.177:23
- 17#.##2.150.190:23
- 64.###.151.171:23
- 10#.##.137.136:23
- 21#.##.158.150:23
- 58.###.204.74:23
- 9.###.189.66:23
- 6.###.155.134:23
- 21#.##.54.136:23
- 10#.##8.146.9:23
- 21#.#.0.81:23
- 21#.##9.75.144:23
- 19#.##9.59.249:23
- 17#.##8.213.151:23
- 15#.##3.91.59:23
- 70.###.181.175:23
- 23#.##9.168.55:23
- 21#.##4.240.246:23
- 23#.##9.196.224:23
- 81.#.174.251:23
- 20#.##.226.239:23
- 11#.##.127.168:23
- 14#.##0.118.213:23
- 28.###.244.16:23
- 44.##0.39.1:23
- 64.###.142.206:23
- 72.###.125.16:23
- 17#.#4.51.87:23
- 58.###.100.164:23
- 60.###.185.110:23
- 65.###.185.56:23
- 80.##7.44.82:23
- 17#.##.27.108:23
- 16#.##.197.39:23
- 29.##.143.26:23
- 17#.##.48.214:23
- 25.##.96.221:23
- 95.###.161.110:23
- 16#.##6.85.127:23
- 19#.##9.108.177:23
- 83.##3.29.20:23
- 19#.##.175.242:23
- 12.###.16.142:23
- 64.###.177.16:23
- 11#.##.213.108:23
- 15#.##4.23.89:23
- 66.###.224.201:23
- 13#.##7.25.197:23
- 21#.##.178.149:23
- 23#.##2.96.145:23
- 15.###.18.243:23
- 18#.##1.6.219:23
- 23#.##4.252.162:23
- 10#.##.179.132:23
- 11#.##.93.123:23
- 21#.##.12.153:23
- 17#.##2.24.60:23
- 15#.##5.74.201:23
- 23#.##0.154.52:23
- 96.###.126.164:23
- 14#.##5.220.188:23
- 70.##.114.145:23
- 35.###.247.129:23
- 32.##7.57.25:23
- 15#.##.190.222:23
- 17#.##1.206.91:23
- 11#.##2.159.75:23
- 34.###.49.137:23
- 66.###.206.71:23
- 17.##.12.168:23
- 14.##.125.36:23
- 28.###.12.115:23
- 64.###.119.184:23
- 12#.##.52.222:23
- 97.##.5.4:23
- 10#.##1.56.88:23
- 22#.##.232.245:23
- 24.###.141.139:23
- 10.###.34.163:23
- 12#.##9.29.173:23
- 39.##.129.78:23
- 58.##.167.103:23
- 79.##.180.72:23
- 77.###.134.147:23
- 25#.##8.21.57:23
- 83.##.49.237:23
- 12#.##.11.254:23
- 59.##.68.172:23
- 69.###.208.18:23
- 44.#.105.249:23
- 19#.##.231.83:23
- 76.##.143.209:23
- 25#.##3.202.165:23
- 21.###.28.204:23
- 11#.#.20.81:23
- 58.##.231.4:23
- 24#.#87.6.80:23
- 17#.##6.67.103:23
- 15#.##8.162.125:23
- 58.##.165.14:23
- 2.##.248.91:23
- 25#.##7.178.149:23
- 12.###.220.235:23
- 19#.##8.136.54:23
- 99.###.230.169:23
- 4.##.145.45:23
- 23#.##3.203.221:23
- 94.##5.8.248:23
- 18#.#.123.57:23
- 13#.##.90.109:23
- 15#.##0.148.237:23
- 19#.##.108.85:23
- 18#.##3.61.237:23
- 10#.##0.99.224:23
- 16#.##6.39.250:23
- 23#.##.117.224:23
- 19#.##.117.28:23
- 16#.##3.192.22:23
- 36.###.85.141:23
- 12#.#1.46.76:23
- 19#.##0.192.238:23
- 14#.##2.235.5:23
- 14#.##4.143.228:23
- 24#.##.183.48:23
- 13#.##2.188.25:23
- 15#.##0.146.150:23
- 22#.##.76.220:23
- 21#.##7.79.202:23
- 13#.#02.8.83:23
- 12#.##9.199.204:23
- 83.##.193.27:23
- 20#.##3.221.52:23
- 22#.##1.114.201:23
- 55.##.200.89:23
- 84.##.122.44:23
- 22#.##.27.165:23
- 19#.##6.75.93:23
- 23#.##2.20.41:23
- 22#.##6.106.174:23
- 21#.##8.58.123:23
- 17.##.2.181:23
- 17.##.0.177:23
- 11#.##1.172.122:23
- 55.###.17.176:23
- 18#.##5.117.200:23
- 86.###.84.207:23
- 19#.##2.55.76:23
- 15#.#.92.213:23
- 11#.##5.50.111:23
- 25#.##5.202.110:23
- 71.##.145.183:23
- 20#.##0.216.203:23
- 12.###.94.121:23
- 98.##8.41.37:23
- 14#.##8.201.48:23
- 16#.##5.179.244:23
- 21.###.211.101:23
- 73.##.197.195:23
- 83.##3.41.76:23
- 14#.##.175.26:23
- 63.###.147.69:23
- 95.###.44.193:23
- 23.##.198.214:23
- 16#.##3.214.207:23
- 18#.#5.6.115:23
- 37.##.169.166:23
- 20#.##.148.66:23
- 11#.##8.62.217:23
- 69.###.106.246:23
- 18.###.243.224:23
- 45.##7.44.87:23
- 4.###.20.242:23
- 43.##.191.138:23
- 12#.#35.72.4:23
- 16.##.168.134:23
- 15#.#1.73.44:23
- 17#.##9.43.213:23
- 15#.#9.34.86:23
- 10#.##.71.119:23
- 82.###.196.235:23
- 47.###.195.232:23
- 38.##6.45.29:23
- 10#.##4.86.177:23
- 12#.##5.205.241:23
- 13#.##8.20.247:23
- 74.##.168.23:23
- 20.###.41.135:23
- 13#.#6.1.53:23
- 19#.##4.155.121:23
- 13#.##2.197.152:23
- 10#.##0.4.113:23
- 24#.##8.148.232:23
- 17#.##2.198.153:23
- 15#.##5.97.91:23
- 11#.#2.28.59:23
Receives data from the following servers:
- 37.##.150.53:7685
