Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- (null)
Kills system processes:
- sshd
Kills the following processes:
- exim4
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:2174
Establishes connection:
- 8.#.8.8:53
- 13#.##.64.122:53
- 19#.##.195.195:53
- 94.###.83.102:1337
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
- bl###peeps.dyn
- ob####over.pirate
Sends data to the following servers:
- 94.###.83.102:1337
- 13#.#.117.117:23
- 94.##8.52.8:23
- 10#.##8.3.253:23
- 24.##.32.248:23
- 66.##.4.146:23
- 12#.##.24.113:23
- 15#.##9.243.96:23
- 50.##.146.87:23
- 74.###.94.142:23
- 71.##.121.122:23
- 14#.#5.9.122:23
- 12.##5.16.77:23
- 48.###.20.173:23
- 20#.#8.52.37:23
- 19#.#4.14.35:23
- 16#.##8.241.11:23
- 39.##.31.225:23
- 54.###.167.244:23
- 18#.##1.63.96:23
- 14#.##7.216.100:23
- 18#.##1.189.206:23
- 21#.##0.106.40:23
- 10#.##2.243.211:23
- 13#.#.104.247:23
- 19#.##4.27.27:23
- 22#.##4.37.167:23
- 20#.##4.188.132:23
- 13#.##2.253.235:23
- 14#.#.128.43:23
- 72.##.9.175:23
- 17.##.57.185:23
- 11#.##.140.148:23
- 58.###.131.71:23
- 13#.##.22.191:23
- 10#.##.111.174:23
- 17#.##8.186.21:23
- 15#.##9.225.133:23
- 19.##.210.36:23
- 17#.##8.12.115:23
- 14#.##1.131.89:23
- 86.##.72.180:23
- 18#.##8.73.197:23
- 11#.##.56.172:23
- 19#.##.20.159:23
- 8.###.41.25:23
- 34.###.24.237:23
- 97.##.243.251:23
- 37.##.77.117:23
- 4.##.209.164:23
- 82.##.103.52:23
- 39.###.180.96:23
- 96.###.67.111:23
- 39.##4.43.97:23
- 11#.##1.112.200:23
- 19#.##7.105.8:23
- 21#.##.237.143:23
- 62.##2.202.0:23
- 20#.##3.218.199:23
- 57.##.7.140:23
- 15#.##.99.156:23
- 37.##1.64.32:23
- 10#.##.176.54:23
- 21#.##.210.135:23
- 72.###.51.207:23
- 16#.##1.140.189:23
- 18#.##.202.36:23
- 63.###.168.64:23
- 71.###.56.226:23
- 45.##.55.90:23
- 79.##.104.204:23
- 15#.##5.124.9:23
- 20#.##5.25.179:23
- 42.##5.64.18:23
- 8.##.10.254:23
- 16#.##1.219.164:23
- 16#.##3.106.212:23
- 14#.##8.145.67:23
- 24.###.183.99:23
- 20#.##6.45.143:23
- 52.###.23.154:23
- 16#.##0.35.226:23
- 21#.##.140.148:23
- 21#.##.136.178:23
- 36.###.65.225:23
- 15#.#.3.125:23
- 13#.##1.135.134:23
- 38.###.205.212:23
- 46.###.183.43:23
- 82.###.173.152:23
- 12#.##.22.150:23
- 94.###.172.158:23
- 24.##0.58.93:23
- 14#.##6.176.65:23
- 18#.#4.49.22:23
- 19#.##.156.144:23
- 16#.##8.65.31:23
- 18#.##3.44.10:23
- 87.##2.25.91:23
- 40.###.143.50:23
- 71.###.214.157:23
- 9.###.120.235:23
- 72.###.41.237:23
- 14#.##.103.179:23
- 5.##.212.95:23
- 2.###.128.215:23
- 81.###.131.19:23
- 4.###.89.18:23
- 79.###.219.118:23
- 16#.##2.137.115:23
- 19#.#37.64.6:23
- 18#.##9.84.247:23
- 96.###.181.132:23
- 19#.#.194.41:23
- 17#.##5.14.87:23
- 1.###.255.80:23
- 20#.##1.126.134:23
- 20#.##3.91.81:23
- 13#.##2.110.243:23
- 15#.##8.73.134:23
- 91.###.41.236:23
- 11#.#.21.238:23
- 19#.##0.36.30:23
- 17#.##0.2.224:23
- 54.##.180.255:23
- 15#.##3.53.62:23
- 45.##.73.204:23
- 19.###.41.100:23
- 16#.##9.156.144:23
- 9.###.221.251:23
- 18#.##5.255.218:23
- 11#.#9.57.73:23
- 91.##.55.143:23
- 11#.##2.93.93:23
- 64.###.166.121:23
- 60.###.98.237:23
- 17#.##0.102.48:23
- 70.##4.70.50:23
- 79.##.56.188:23
- 20#.##8.92.111:23
- 47.###.119.195:23
- 17#.##1.224.89:23
- 19#.#3.65.80:23
- 84.###.205.205:23
- 12#.##.187.169:23
- 93.###.241.100:23
- 19#.##7.21.18:23
- 40.##.13.217:23
- 21#.##7.210.40:23
- 48.##.2.201:23
- 13.##.175.198:23
- 12#.##8.106.220:23
- 92.###.124.64:23
- 37.#.44.115:23
- 13#.##8.47.105:23
- 14#.##8.246.227:23
- 25.##.115.66:23
- 69.##.118.225:23
- 11#.##5.137.171:23
- 22#.##.73.168:23
- 18#.##1.150.129:23
- 43.##.65.118:23
- 10#.##4.73.162:23
- 11#.##.143.39:23
- 20#.##2.248.253:23
- 14#.##.198.165:23
- 12#.#.127.127:23
- 15#.##0.101.232:23
- 99.###.18.238:23
- 49.##0.84.87:23
- 59.##8.0.203:23
- 70.###.221.214:23
- 21#.##.136.16:23
- 32.##.12.141:23
- 18#.##8.139.64:23
- 96.##.177.178:23
- 15#.##9.249.234:23
- 18#.##1.192.133:23
- 14#.##1.37.52:23
- 11#.##.233.222:23
- 18#.##.38.245:23
- 22#.##.153.250:23
- 20#.##5.156.26:23
- 21#.##3.135.43:23
- 14#.##.39.194:23
- 19.###.249.144:23
- 47.##.252.25:23
- 13#.##5.67.120:23
- 16#.##4.98.52:23
- 21#.##0.56.102:23
- 52.#.117.198:23
- 20#.##3.155.174:23
- 13#.##.37.168:23
- 74.###.233.122:23
- 12.###.102.241:23
- 10#.#.168.49:23
- 13#.##0.190.58:23
- 21#.##7.74.120:23
- 53.##.168.54:23
- 18#.##8.161.126:23
- 10#.##.49.206:23
- 92.###.106.118:23
- 17#.##7.204.127:23
- 10#.#46.4.98:23
- 20#.##8.221.59:23
- 50.##2.77.60:23
- 63.###.167.101:23
- 4.###.165.218:23
- 22#.##1.139.226:23
- 76.###.103.225:23
- 13#.##.110.189:23
- 19#.#.198.242:23
- 20#.##4.174.58:23
- 47.##.29.177:23
- 65.###.171.66:23
- 84.##.202.148:23
- 14#.##2.21.230:23
- 20#.##8.206.228:23
- 13#.#72.6.92:23
- 10#.##9.83.222:23
- 16#.##.245.166:23
- 17.###.248.252:23
- 17#.##9.46.246:23
- 17#.##8.50.171:23
- 11#.##.114.53:23
- 14#.##8.185.76:23
- 20.###.58.205:23
- 18#.#2.79.57:23
- 12#.##9.171.171:23
- 18#.##7.125.80:23
- 78.##7.47.64:23
- 14#.#1.50.86:23
- 27.##.221.17:23
- 20#.##8.84.117:23
- 9.###.241.231:23
- 2.##.70.235:23
- 21#.##.108.82:23
- 16#.##5.240.59:23
- 68.###.28.189:23
- 49.##5.232.5:23
- 11#.##.23.126:23
- 17.###.237.220:23
- 75.##.88.43:23
- 13#.#8.10.99:23
- 20#.##.132.170:23
- 16#.##.98.207:23
- 43.###.98.145:23
- 96.##8.40.73:23
- 18#.##2.89.48:23
- 70.##.241.52:23
- 65.###.175.37:23
- 92.##.100.211:23
- 13#.#7.99.24:23
- 15#.##3.109.127:23
- 14#.##0.29.22:23
- 20#.##7.109.10:23
- 14#.##8.140.230:23
- 90.###.60.248:23
- 87.###.211.34:23
- 49.###.175.31:23
- 13#.##.43.164:23
- 13#.##.142.112:23
- 14#.##5.99.151:23
- 86.###.138.80:23
- 14#.##0.34.127:23
- 22#.##1.169.57:23
- 16#.##4.114.5:23
- 67.###.119.240:23
- 59.##.126.87:23
- 10#.##.237.54:23
- 10#.#55.16.4:23
- 92.###.107.33:23
- 15#.##3.57.187:23
- 98.###.103.205:23
- 51.##.99.235:23
- 84.##.224.137:23
- 16#.#.168.146:23
- 44.##.8.139:23
- 16#.#1.64.36:23
- 18#.##3.224.59:23
- 16#.##2.136.114:23
- 11#.##.68.248:23
- 60.#.48.133:23
- 73.###.176.83:23
- 12#.##.237.173:23
- 94.##.47.69:23
- 14#.##.159.103:23
- 27.##6.64.27:23
- 45.##.234.204:23
- 10#.##8.159.32:23
- 10#.##8.233.222:23
- 83.##.116.69:23
- 43.##.61.89:23
- 17#.##9.211.65:23
- 21#.##7.150.137:23
- 17#.#3.196.6:23
- 18#.##.147.56:23
- 11#.##.59.244:23
- 52.##.23.246:23
- 14#.##6.226.189:23
- 91.##.47.161:23
- 46.##.241.127:23
- 68.###.98.108:23
- 40.##.209.51:23
- 21#.##4.85.24:23
- 21#.##9.83.222:23
- 20#.##1.225.93:23
- 84.###.243.238:23
- 18#.##7.42.209:23
- 11#.##9.185.37:23
- 14#.##7.65.17:23
- 18#.#.103.170:23
- 52.##.10.2:23
- 34.##.127.179:23
- 75.##8.49.22:23
- 11#.##.165.129:23
- 14#.##5.124.89:23
- 21#.##1.3.170:23
- 13#.##3.237.243:23
- 11#.##3.203.168:23
- 16#.##0.26.118:23
- 20#.##1.78.38:23
- 15#.##6.101.216:23
- 20#.##.100.51:23
- 16#.##5.24.114:23
- 20#.##3.238.62:23
- 41.###.33.238:23
- 12#.##.60.251:23
- 16#.#6.29.67:23
- 81.##5.21.69:23
- 16#.##2.119.11:23
- 19#.##.242.114:23
- 18.##.163.12:23
- 21#.##.57.202:23
- 19#.##0.28.67:23
- 16#.##6.124.66:23
- 19#.##.138.220:23
- 2.###.8.82:23
Receives data from the following servers:
- 94.###.83.102:1337
