Technical Information
Malicious functions:
Substitutes application name for:
- (sd-pam)
Kills the following processes:
- <SAMPLE>
Network activity:
Awaits incoming connections on ports:
- 19#.##8.209.50:3467
Establishes connection:
- 8.#.8.8:53
- 19#.##9.147.16:4321
- 37.##.150.53:7685
- 19#.###.209.50:41290
- 19#.###.209.50:43862
- 19#.###.209.50:33210
- 19#.###.209.50:34543
- 19#.###.209.50:33216
- 19#.###.209.50:53483
- 19#.###.209.50:52185
- 19#.###.209.50:33232
- 19#.###.209.50:44408
- 19#.###.209.50:34562
- 19#.###.209.50:34556
- 19#.###.209.50:39845
- 19#.###.209.50:38671
- 19#.###.209.50:34549
- 19#.###.209.50:34554
- 19#.###.209.50:50286
- 19#.###.209.50:34573
- 19#.###.209.50:39279
- 19#.###.209.50:53530
- 19#.###.209.50:33004
- 19#.###.209.50:34582
- 19#.###.209.50:34578
- 19#.###.209.50:55448
- 19#.###.209.50:34580
- 19#.###.209.50:41242
- 19#.###.209.50:45667
- 19#.###.209.50:33258
- 19#.###.209.50:46687
- 19#.###.209.50:53854
- 19#.###.209.50:33196
- 19#.###.209.50:33788
- 19#.###.209.50:33289
- 19#.###.209.50:59545
- 19#.###.209.50:34437
- 19#.###.209.50:33321
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 19#.##9.147.16:4321
- 37.##.150.53:7685
- 13#.##9.216.206:23
- 24#.#5.43.70:23
- 22#.#.156.202:23
- 36.###.240.70:23
- 6.###.150.23:23
- 8.###.15.113:23
- 15#.##6.184.98:23
- 20.###.28.202:23
- 20#.#03.90.4:23
- 46.###.156.204:23
- 11#.##9.227.56:23
- 18#.##7.132.175:23
- 10#.##.198.216:23
- 14.###.203.22:23
- 21#.#2.36.52:23
- 59.##3.93.6:23
- 12#.##9.235.184:23
- 22#.##2.80.255:23
- 20#.##.223.113:23
- 22#.##5.153.31:23
- 23#.##7.20.184:23
- 19#.##8.199.210:23
- 14#.##9.12.69:23
- 24#.##8.242.215:23
- 11#.#.200.201:23
- 2.###.251.225:23
- 22#.##.134.27:23
- 30.###.216.136:23
- 24#.##.148.126:23
- 10#.##.192.220:23
- 96.##.112.112:23
- 12#.##.184.43:23
- 11#.##4.157.235:23
- 44.##.130.163:23
- 16#.##8.67.113:23
- 98.##.75.220:23
- 11#.##.105.173:23
- 12.###.157.96:23
- 18.##.238.158:23
- 22#.##3.232.219:23
- 20#.##8.164.103:23
- 19#.##.64.101:23
- 17#.##0.205.160:23
- 18#.##0.30.181:23
- 91.###.43.151:23
- 38.##4.38.87:23
- 56.###.199.12:23
- 16#.##2.158.93:23
- 19#.##5.110.132:23
- 24.##.234.159:23
- 11#.##.167.57:23
- 14#.#00.22.6:23
- 23#.##4.243.16:23
- 32.###.20.209:23
- 16#.##6.160.234:23
- 21#.##3.228.23:23
- 23#.##.163.203:23
- 1.##.135.219:23
- 23#.#0.61.3:23
- 17#.##6.8.157:23
- 21#.##1.103.128:23
- 20.##6.38.58:23
- 12#.#.68.232:23
- 15#.#9.96.82:23
- 25#.##4.251.186:23
- 19#.##.153.113:23
- 44.##.170.110:23
- 72.#.142.254:23
- 10#.##.95.185:23
- 19#.##7.200.182:23
- 71.###.251.236:23
- 24#.#.8.244:23
- 24#.#7.45.2:23
- 23#.##.176.204:23
- 13#.##1.151.166:23
- 23#.##7.241.68:23
- 18#.##.238.176:23
- 89.###.86.195:23
- 12#.##.184.243:23
- 15#.##7.22.101:23
- 18#.##1.249.161:23
- 48.###.205.109:23
- 10#.##0.116.133:23
- 93.###.255.229:23
- 77.##.87.238:23
- 23#.##.66.161:23
- 24#.##9.127.166:23
- 90.##.171.175:23
- 10#.##.167.66:23
- 21#.##6.139.230:23
- 56.##7.38.13:23
- 73.###.113.249:23
- 68.##6.99.53:23
- 14#.##.212.248:23
- 10#.##0.159.144:23
- 11#.##0.12.92:23
- 55.###.80.243:23
- 25.##.253.138:23
- 23#.##2.38.53:23
- 22#.##.231.137:23
- 21#.##4.118.227:23
- 11#.##5.210.163:23
- 14#.##.211.104:23
- 44.###.247.223:23
- 49.###.216.165:23
- 18#.##8.130.197:23
- 15#.##.49.140:23
- 24.###.170.116:23
- 11#.#.53.87:23
- 16#.##.107.203:23
- 62.###.65.138:23
- 61.###.28.142:23
- 21.###.229.126:23
- 24#.##0.96.164:23
- 45.##.251.24:23
- 24#.##6.23.72:23
- 24#.##9.48.37:23
- 25#.##8.4.187:23
- 24#.#5.5.54:23
- 25#.#.45.255:23
- 20#.#26.8.65:23
- 6.###.50.200:23
- 71.##.193.85:23
- 16#.##6.87.186:23
- 19#.##1.112.41:23
- 12#.##7.229.58:23
- 23#.##.232.53:23
- 12.###.71.107:23
- 19#.#6.57.51:23
- 85.##.171.15:23
- 11#.##.51.208:23
- 72.###.210.240:23
- 79.###.107.210:23
- 11.##.233.100:23
- 41.##0.82.89:23
- 88.##.69.35:23
- 14#.##.241.216:23
- 17#.##.99.136:23
- 90.##.228.36:23
- 10#.##.108.104:23
- 26.###.232.235:23
- 43.##.163.170:23
- 4.###.146.48:23
- 21.###.113.180:23
- 19#.##8.223.223:23
- 73.###.110.83:23
- 89.###.13.238:23
- 75.###.110.151:23
- 15.##.192.152:23
- 10#.#6.163.4:23
- 15#.##.38.156:23
- 81.##.26.77:23
- 23#.##8.132.111:23
- 17#.##2.117.101:23
- 14#.##4.24.42:23
- 30.###.168.75:23
- 16#.##4.20.27:23
- 20#.##7.181.121:23
- 25#.##6.232.236:23
- 1.###.105.142:23
- 24#.##.203.189:23
- 11#.##2.63.125:23
- 16#.##.248.210:23
- 13#.##8.104.148:23
- 20#.##3.196.241:23
- 23#.##2.45.51:23
- 14#.##.182.138:23
- 13#.##.59.231:23
- 22#.##0.196.121:23
- 10#.##2.151.157:23
- 99.###.55.109:23
- 90.##.2.139:23
- 12#.##9.94.122:23
- 53.##.230.240:23
- 66.###.223.159:23
- 21#.##0.25.185:23
- 13#.#4.6.99:23
- 13#.##.142.155:23
- 3.###.188.197:23
- 59.###.73.253:23
- 40.###.35.127:23
- 20#.##3.184.25:23
- 13#.##6.197.135:23
- 88.###.57.193:23
- 21#.##7.209.196:23
- 10#.##.182.182:23
- 23#.##.196.23:23
- 18#.##.200.162:23
- 15#.##5.58.50:23
- 25#.##0.98.129:23
- 22.###.68.245:23
- 12#.##6.190.109:23
- 12.###.87.186:23
- 15#.##9.50.130:23
- 32.###.156.172:23
- 11#.##2.56.130:23
- 81.###.117.31:23
- 4.###.226.182:23
- 29.##.190.131:23
- 66.###.246.115:23
- 23#.##8.9.251:23
- 21#.##.148.76:23
- 12#.##.138.73:23
- 22#.##.25.146:23
- 73.###.242.98:23
- 54.###.173.62:23
- 23#.##6.67.81:23
- 21#.##5.71.119:23
- 25#.##.221.181:23
- 13#.##.64.105:23
- 85.###.131.128:23
- 87.###.213.252:23
- 86.###.77.147:23
- 54.###.130.92:23
- 25#.##.199.119:23
- 51.#.56.178:23
- 86.###.249.87:23
- 83.###.14.189:23
- 11#.##.253.113:23
- 22#.##0.187.63:23
- 21.###.198.109:23
- 56.##.73.152:23
- 11#.##8.252.16:23
- 24#.#10.24.0:23
Receives data from the following servers:
- 37.##.150.53:7685
- 19#.##9.147.16:4321
