Technical Information
Malicious functions:
Launches itself as a daemon
Launches processes:
- /etc/oevua idle_inject/0
Performs operations with the file system:
Deletes folders:
- /etc/emacs
- /etc/fonts
- /etc/groff
- /etc/pam.d
- /etc/rc0.d
- /etc/rc1.d
- /etc/rc2.d
- /etc/rc3.d
- /etc/rc4.d
- /etc/rc5.d
- /etc/rc6.d
- /etc/rcS.d
- /etc/runit
Creates or modifies files:
- /etc/oevua
Deletes files:
- /etc/oevua
- /etc/emacs
- /etc/fonts
- /etc/fstab
- /etc/groff
- /etc/group
- /etc/hosts
- /etc/issue
- /etc/magic
- /etc/pam.d
- /etc/rc0.d
- /etc/rc1.d
- /etc/rc2.d
- /etc/rc3.d
- /etc/rc4.d
- /etc/rc5.d
- /etc/rc6.d
- /etc/rcS.d
- /etc/runit
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:58005
- 127.0.0.1:50777
Establishes connection:
- 127.0.0.1:58005
- 127.0.0.1:50777
- 8.#.8.8:53
- [2######50:4010:c0d::79]:9
- 17#.##4.73.121:9
- 17#.##4.73.121:443
Sends data to the following servers:
- 8.#.8.8:53
- 17#.##4.73.121:443
Receives data from the following servers:
- 8.#.8.8:53
- 17#.##4.73.121:443
Other:
Collects CPU information
Collects information about network activity
