Technical Information
Malicious functions:
Removes itself
Manages services:
- ['systemctl', 'daemon-reload']
- ['systemctl', 'enable', 'storm.service']
Launches processes:
- /usr/bin/storm
- id -g
- mount -o rw,remount /usr
- mount -o rw,remount /
- /usr/bin/getconf CLK_TCK
Performs operations with the file system:
Modifies file access rights:
- /usr/bin/storm
Creates or modifies files:
- /proc/483/oom_adj
- /proc/483/oom_score_adj
- /usr/bin/storm
- /proc/497/oom_adj
- /proc/497/oom_score_adj
- /etc/systemd/system/storm.service
- /etc/storm.key
Mounts file systems:
- /dev/mmcblk0p2
- /root/none
Network activity:
Awaits incoming connections on ports:
- 0.0.0.0:37121
Establishes connection:
- <LOCAL_DNS_SERVER>51
- <LOCAL_DNS_SERVER>
- 10#.##1.131.82:4001
- 17#.##2.7.102:443
- 11#.##.148.28:443
- 17#.##4.237.57:53
- 17#.##4.49.100:53
- 37.##5.1.174:53
- 37.##5.1.177:53
- 45.##.97.5:53
- 84.##0.69.80:53
- 84.##0.70.40:53
- [2######8:c0c:bd0a::1]:9
- 49.##.234.183:9
- 49.##.234.183:80
- [6######::2285:9d19]:4001
- 66.##.188.136:4001
- 18.###.13.203:4001
- 127.0.0.1:4001
- [:##]:4001
- [:##]:4002
- 127.0.0.1:4002
- 34.###.157.25:4001
- 17#.#8.0.4:4001
- 18.###.13.203:41680
- 19#.##.251.219:4001
- 2.##.241.12:9
- 2.##.241.5:9
- 2.##.241.12:80
- 19#.##8.88.38:4001
- [2###########7:f500:2601:7cdc:1a2d:661c]:4001
- [2##########c7:f501:e0af:1c:1468:e272]:4001
- 14#.##.70.221:4001
- 14#.##.16.237:4001
- 18#.###.195.180:4001
- 45.##.245.21:4001
- 62.###.143.115:4001
- 17#.###.253.130:4001
- 45.##.144.29:4001
- 52.##.216.110:4001
- 127.0.0.1:8081
- 17#.##.29.167:4001
- 17#.##.29.167:8081
- [6######::cf26:59a4]:4001
- 38.##.241.8:30063
- [2######0:7b:635::2]:4001
- 20#.##.89.164:4001
- 51.###.245.243:4001
- 34.##8.85.86:9
- 34.###.245.245:9
- 52.##.72.113:9
- 52.##.99.84:9
- 52.##.170.255:9
- 52.##.177.193:9
- 34.##6.96.239:9
- 52.###.107.174:9
- 34.##8.85.86:80
- [2######00::6812:7361]:9
- [2######00::6812:7261]:9
- [2######00::6812:7361]:443
- [2######00::6812:7261]:443
- [2######01:0:bbc3::]:443
- 17#.#4.194.16:9
- 17#.#4.195.16:9
- 17#.##.194.16:80
- 15#.##8.232.57:4001
- 14#.##.19.38:4001
- 3.##.#24.33:19988
- 21#.##6.88.238:4001
- 17#.##2.254.62:4001
- 45.##.78.123:4001
- 10#.###.205.162:4001
- 34.##.102.253:4001
- 66.##.101.150:4001
- 14#.##.80.110:4001
- 86.##.17.234:4001
- 20#.##6.81.13:4001
- 45.##.22.186:4001
- 16#.##.214.74:4001
- 18#.##2.97.183:4001
- 38.###.141.198:4001
- [6######::a45a:d64a]:4001
- 16#.##.214.74:4002
- 21#.##.56.163:4001
- 45.###.237.251:4001
- 24.##.98.38:37681
- 10#.###.194.175:4001
- 127.0.0.1:44005
- [:##]:44005
- 19#.##8.0.181:44005
- [6######::a3ac:fe18]:4001
- 20#.##6.10.42:4001
- 16#.##2.254.24:4001
- 66.##.168.116:4001
- 10#.##6.231.76:4001
- 14#.##.194.73:4001
- 14#.##.179.87:4001
- 15#.##.224.137:4001
- 51.###.61.105:4001
- 10#.##.75.135:4001
- [6######::339e:3d69]:4001
- 18#.###.248.90:42676
- 127.0.0.1:42676
- 45.##.16.30:4001
- 12#.###.70.193:53221
- 14#.##.165.200:4001
- 14#.###.153.134:4001
- 15#.###.223.100:4001
- 15#.##1.66.219:9
- 15#.##1.194.219:9
- 15#.#01.2.219:9
- 15#.##1.130.219:9
- [2####4e42::731]:9
- [2#####e42:200::731]:9
- [2#####e42:600::731]:9
- [2#####e42:400::731]:9
- 15#.##1.66.219:80
- 16#.##5.54.226:4001
- 17#.#8.0.2:4001
- [6######::a7eb:36e2]:4001
- 45.##.87.169:4001
- 18#.###.248.82:36441
- 127.0.0.1:36441
- 20#.##0.228.32:4001
- 14#.##8.19.112:4001
DNS ASK:
- _d######.bootstrap.libp2p.io
- sp###test.net
- ic###azip.com
- my####rnalip.com
- if##nfig.io
- ch#####.amazonaws.com
- id##t.me
- wh#####yip.akamai.com
- my##.#nsomatic.com
- di#####tic.opendns.com
- ch######nt-cn.yeaosound.com
- ww#.##eedtest.net
Sends data to the following servers:
- <LOCAL_DNS_SERVER>51
- 23#.###.255.250:1900
- 17#.##2.7.102:443
- 10#.##1.131.82:4001
- 49.##.234.183:80
- 2.##.241.12:80
- 66.##.188.136:4001
- 18.###.13.203:4001
- 34.###.157.25:4001
- 19#.##.251.219:4001
- 18#.###.195.180:4001
- 14#.##.16.237:4001
- 45.##.245.21:4001
- 62.###.143.115:4001
- 17#.###.253.130:4001
- 52.##.216.110:4001
- 45.##.144.29:4001
- 38.##.241.8:30063
- 51.###.245.243:4001
- 34.##8.85.86:80
- 17#.##.194.16:80
- 15#.##8.232.57:4001
- 14#.##.19.38:4001
- 3.##.#24.33:19988
- 17#.##2.254.62:4001
- 66.##.101.150:4001
- 45.##.78.123:4001
- 34.##.102.253:4001
- 10#.###.205.162:4001
- 18#.##2.97.183:4001
- 16#.##.214.74:4001
- 38.###.141.198:4001
- 86.##.17.234:4001
- 16#.##.214.74:4002
- 20#.##6.81.13:4001
- 45.##.22.186:4001
- 21#.##.56.163:4001
- 10#.###.194.175:4001
- 45.###.237.251:4001
- 20#.##6.10.42:4001
- 16#.##2.254.24:4001
- 66.##.168.116:4001
- 51.###.61.105:4001
- 10#.##6.231.76:4001
- 15#.##.224.137:4001
- 14#.##.194.73:4001
- 45.##.16.30:4001
- 18#.###.248.90:42676
- 12#.###.70.193:53221
- 15#.##1.66.219:80
- 16#.##5.54.226:4001
- 14#.###.153.134:4001
Receives data from the following servers:
- <LOCAL_DNS_SERVER>51
- 17#.##2.7.102:443
- 10#.##1.131.82:4001
- 49.##.234.183:80
- 2.##.241.12:80
- 66.##.188.136:4001
- 18.###.13.203:4001
- 34.###.157.25:4001
- 19#.##.251.219:4001
- 18#.###.195.180:4001
- 14#.##.16.237:4001
- 45.##.245.21:4001
- 62.###.143.115:4001
- 17#.###.253.130:4001
- 52.##.216.110:4001
- 45.##.144.29:4001
- 38.##.241.8:30063
- 51.###.245.243:4001
- 34.##8.85.86:80
- 17#.##.194.16:80
- 15#.##8.232.57:4001
- 14#.##.19.38:4001
- 3.##.#24.33:19988
- 17#.##2.254.62:4001
- 66.##.101.150:4001
- 45.##.78.123:4001
- 34.##.102.253:4001
- 10#.###.205.162:4001
- 18#.##2.97.183:4001
- 16#.##.214.74:4001
- 38.###.141.198:4001
- 86.##.17.234:4001
- 16#.##.214.74:4002
- 20#.##6.81.13:4001
- 45.##.22.186:4001
- 21#.##.56.163:4001
- 10#.###.194.175:4001
- 45.###.237.251:4001
- 20#.##6.10.42:4001
- 16#.##2.254.24:4001
- 66.##.168.116:4001
- 51.###.61.105:4001
- 10#.##6.231.76:4001
- 15#.##.224.137:4001
- 14#.##.194.73:4001
- 45.##.16.30:4001
- 18#.###.248.90:42676
- 12#.###.70.193:53221
- 15#.##1.66.219:80
- 16#.##5.54.226:4001
- 14#.###.153.134:4001
Other:
Collects CPU information
Collects information about network activity
