Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- (null)
Kills system processes:
- sshd
Kills the following processes:
- exim4
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:2174
Establishes connection:
- 8.#.8.8:53
- 94.###.43.254:53
- 94.###.83.102:2222
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
- wi#####hexijingping.dyn
Sends data to the following servers:
- 94.###.83.102:2222
- 15#.##9.103.208:23
- 10#.##.120.195:23
- 21#.##.142.24:23
- 95.##.252.116:23
- 19#.#6.6.249:23
- 14#.##1.86.41:23
- 16#.##8.251.195:23
- 14#.#.60.235:23
- 12#.##3.190.130:23
- 96.###.165.91:23
- 39.##.97.179:23
- 97.###.250.116:23
- 60.###.144.181:23
- 84.###.94.209:23
- 21#.##3.68.198:23
- 38.###.150.193:23
- 14#.##1.205.121:23
- 13#.##8.243.251:23
- 13#.##5.169.49:23
- 16#.##.202.65:23
- 36.##.101.147:23
- 18#.##5.251.102:23
- 89.##.4.148:23
- 44.###.141.38:23
- 16#.##2.11.178:23
- 23.##.131.82:23
- 98.#.105.121:23
- 13#.##9.163.10:23
- 15#.##1.150.251:23
- 14#.##3.201.177:23
- 4.##.96.218:23
- 15#.##.127.52:23
- 16#.##4.7.103:23
- 19#.##7.248.154:23
- 17.###.192.171:23
- 92.##6.3.228:23
- 65.###.24.209:23
- 16#.##6.74.155:23
- 18#.##7.86.66:23
- 20#.##.101.53:23
- 17#.##.203.236:23
- 20#.##2.239.144:23
- 17#.##4.64.157:23
- 97.##.73.250:23
- 15#.##5.129.17:23
- 12#.##2.211.88:23
- 13#.##.192.48:23
- 61.###.178.131:23
- 13#.##.37.140:23
- 15#.#3.27.96:23
- 12#.##5.58.46:23
- 11#.#08.24.6:23
- 98.##8.128.6:23
- 19.###.183.89:23
- 42.#.157.122:23
- 36.###.51.173:23
- 16#.##1.99.156:23
- 19#.##.73.147:23
- 21#.##7.206.183:23
- 11#.##.192.14:23
- 21#.##.217.119:23
- 21#.##1.12.103:23
- 17#.##3.229.238:23
- 10#.##0.70.170:23
- 15#.##4.101.204:23
- 18#.##.152.69:23
- 18#.##0.162.209:23
- 11#.##4.28.140:23
- 77.###.214.144:23
- 69.###.149.247:23
- 17#.##2.255.252:23
- 15#.##1.217.91:23
- 20.##.133.77:23
- 17#.##9.61.55:23
- 19.##.112.158:23
- 87.##.169.236:23
- 11#.##.215.245:23
- 91.###.151.107:23
- 17#.##0.197.93:23
- 17.###.115.102:23
- 10#.##.221.127:23
- 53.###.188.219:23
- 18#.#.74.117:23
- 66.###.227.40:23
- 15#.##.165.253:23
- 50.##.153.77:23
- 16#.#6.65.93:23
- 17#.##.240.207:23
- 13#.##8.182.62:23
- 18#.##5.194.89:23
- 21#.#2.21.18:23
- 66.###.176.21:23
- 25.###.63.110:23
- 18#.##.39.144:23
- 14#.##5.246.27:23
- 99.##.184.126:23
- 72.###.190.83:23
- 16#.##6.138.57:23
- 12#.##4.132.132:23
- 96.###.26.218:23
- 72.###.233.152:23
- 39.###.171.31:23
- 53.##5.57.61:23
- 13#.##.37.160:23
- 64.##.188.244:23
- 15#.##2.58.174:23
- 38.##.211.200:23
- 89.##.26.66:23
- 98.###.207.209:23
- 11#.##3.73.31:23
- 37.##.105.141:23
- 21#.##3.29.61:23
- 11#.##7.213.238:23
- 15#.##0.54.38:23
- 45.##.24.14:23
- 94.##.38.210:23
- 20#.##0.38.249:23
- 39.##.219.241:23
- 13#.##1.17.169:23
- 17#.#2.72.45:23
- 80.###.175.135:23
- 70.##.141.255:23
- 21#.##9.140.134:23
- 14#.##5.114.101:23
- 11#.##.96.245:23
- 80.###.193.127:23
- 69.###.56.190:23
- 53.###.11.239:23
- 96.##5.88.43:23
- 14#.##7.156.217:23
- 17#.##.103.100:23
- 92.##5.64.67:23
- 41.###.47.207:23
- 11#.##7.184.115:23
- 73.###.201.60:23
- 10#.##.100.179:23
- 13#.##4.76.30:23
- 99.###.68.212:23
- 36.###.111.80:23
- 78.###.231.170:23
- 22#.##2.49.34:23
- 19#.##3.87.65:23
- 66.##.64.152:23
- 64.###.205.176:23
- 21#.#70.93.7:23
- 58.###.253.156:23
- 14#.##.114.134:23
- 11#.##2.27.194:23
- 21#.##7.58.32:23
- 18#.#.102.227:23
- 1.###.193.231:23
- 13#.##.214.200:23
- 18#.#66.36.2:23
- 15#.#8.0.85:23
- 19#.##1.33.185:23
- 12#.##7.145.219:23
- 19#.##3.159.212:23
- 32.###.110.198:23
- 20#.#7.10.98:23
- 90.###.246.42:23
- 14#.#4.74.70:23
- 14#.##6.58.114:23
- 15#.##1.33.174:23
- 99.##.144.253:23
- 44.##3.9.128:23
- 48.##.159.223:23
- 19#.##2.211.90:23
- 11#.##.71.122:23
- 2.###.187.82:23
- 14#.##2.65.185:23
- 13#.##5.229.115:23
- 16#.#5.80.13:23
- 17#.##8.218.190:23
- 10#.##4.47.104:23
- 15#.##.100.178:23
- 45.###.107.47:23
- 47.##.226.242:23
- 19#.##0.108.156:23
- 13#.##7.106.139:23
- 80.###.61.125:23
- 11#.##7.100.150:23
- 10#.##4.178.67:23
- 20#.##1.167.94:23
- 22#.##5.213.104:23
- 13#.##8.201.55:23
- 10#.##5.8.125:23
- 18#.##9.35.207:23
- 70.##.51.12:23
- 18#.##.135.22:23
- 51.##.7.59:23
- 20#.##6.190.47:23
- 21#.##3.23.69:23
- 12#.##.241.95:23
- 18#.##8.98.251:23
- 14#.#2.1.63:23
- 86.#.188.242:23
- 93.###.131.34:23
- 11#.#3.0.161:23
- 13#.##6.231.136:23
- 21#.##8.252.251:23
- 74.###.112.246:23
- 39.##7.70.76:23
- 19#.##4.234.125:23
- 66.###.136.238:23
- 84.###.235.19:23
- 47.##.171.101:23
- 12.###.68.244:23
- 48.##5.30.12:23
- 18#.##.27.239:23
- 16#.##5.147.13:23
- 20#.##9.115.162:23
- 84.##.173.166:23
- 10#.##5.195.61:23
- 42.##.98.162:23
- 4.###.221.213:23
- 54.###.198.108:23
- 16#.##9.72.186:23
- 20#.##7.188.14:23
- 12#.#.30.188:23
- 82.##.140.7:23
- 24.##.33.233:23
- 21#.##.109.73:23
- 65.###.118.75:23
- 36.##.98.111:23
- 10#.##.241.90:23
- 93.##.95.232:23
- 20#.##7.57.71:23
- 19#.#41.39.8:23
- 15#.##0.71.13:23
- 66.###.210.162:23
- 98.##.54.202:23
- 77.##.186.72:23
- 13#.##9.10.127:23
- 87.###.166.113:23
- 49.##.162.85:23
- 17#.##1.132.22:23
- 14#.##8.88.92:23
- 19#.##.28.194:23
- 20#.##1.245.107:23
- 2.###.204.43:23
- 20#.##.86.225:23
- 16#.##3.32.167:23
- 48.###.190.22:23
- 35.###.131.187:23
- 11#.#2.72.67:23
- 18#.#7.47.73:23
- 96.###.60.156:23
- 16#.#.147.170:23
- 50.###.93.236:23
- 11#.##9.80.81:23
- 19#.##.44.219:23
- 9.###.229.208:23
- 17#.##2.108.207:23
- 16#.##4.218.165:23
- 45.###.122.199:23
- 96.###.137.210:23
- 17#.##8.40.19:23
- 20#.##6.94.145:23
- 80.###.194.60:23
- 12#.##2.170.27:23
- 39.##.67.11:23
- 13#.##9.145.152:23
- 17#.##7.52.116:23
- 73.###.78.144:23
- 12#.##.179.79:23
- 89.#.251.108:23
- 25.###.236.207:23
- 13#.##.89.124:23
- 13#.##3.125.173:23
- 21#.##0.209.221:23
- 83.#.185.106:23
- 10#.##9.79.177:23
- 15#.##3.134.95:23
- 9.###.181.53:23
- 16#.##3.36.222:23
- 13#.#4.65.68:23
- 99.##.72.248:23
- 11#.##6.226.114:23
- 80.##5.0.249:23
- 13#.##5.142.68:23
- 17#.##9.140.133:23
- 36.###.174.250:23
- 13.###.72.220:23
- 10#.##6.212.185:23
- 15#.##5.22.253:23
- 11#.##3.249.248:23
- 20.##.111.155:23
- 10#.##.253.219:23
- 72.##6.53.13:23
- 20#.##1.145.152:23
- 94.###.31.139:23
- 19#.##6.213.150:23
- 18#.##4.121.198:23
- 76.###.219.16:23
- 53.##.38.104:23
- 14.###.198.96:23
- 16#.##.125.13:23
- 18#.##.157.129:23
- 17.#.42.29:23
- 20#.#9.54.88:23
- 11#.##7.24.183:23
- 47.###.15.198:23
- 21#.##6.139.52:23
- 19#.##7.67.205:23
- 14#.##.250.106:23
- 15#.##.54.173:23
- 12#.#1.32.70:23
- 82.###.102.135:23
- 21#.##1.96.127:23
- 17#.#51.4.78:23
- 21#.##7.75.46:23
- 10#.#.118.148:23
- 44.###.249.99:23
- 74.###.22.148:23
- 11#.##7.100.99:23
- 16#.##.193.77:23
- 14#.##.159.204:23
- 16#.##5.90.44:23
- 41.##.80.155:23
- 5.###.18.47:23
- 15#.#1.201.1:23
- 97.##.76.12:23
- 19#.##1.140.149:23
- 13#.##3.180.102:23
- 10#.##.40.201:23
- 83.##.87.103:23
- 20#.#1.230.7:23
- 84.#.59.15:23
- 36.###.159.156:23
- 12#.##.159.151:23
- 18#.##1.155.244:23
- 17#.#0.39.70:23
- 16#.#.39.14:23
- 11#.##.18.127:23
- 12#.#.176.51:23
- 89.#.119.54:23
- 17#.##7.112.253:23
- 35.###.140.233:23
- 22#.##.111.217:23
- 14.##9.77.75:23
- 23.###.238.174:23
- 20#.#7.35.70:23
- 20#.##7.66.106:23
- 16#.##2.42.90:23
- 13#.##.249.42:23
Receives data from the following servers:
- 94.###.83.102:2222
