Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- (null)
Kills system processes:
- sshd
Kills the following processes:
- exim4
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:2174
Establishes connection:
- 8.#.8.8:53
- 13#.##.64.122:53
- 19#.#.81.97:8932
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
- da#####roomskids.pirate
Sends data to the following servers:
- 19#.#.81.97:8932
- 19#.##.247.58:23
- 21#.##1.35.240:23
- 14#.##4.159.83:23
- 85.##.45.149:23
- 13#.##.157.17:23
- 13#.##3.68.163:23
- 18#.##1.56.17:23
- 14#.##4.141.73:23
- 13#.##7.188.61:23
- 12#.#7.0.75:23
- 22#.##9.206.99:23
- 20#.##.66.244:23
- 12#.#5.96.41:23
- 10#.##6.163.163:23
- 20.##4.102.3:23
- 21#.##.150.114:23
- 22#.##7.30.252:23
- 31.##.197.138:23
- 12#.##.205.16:23
- 46.##.241.210:23
- 19.##8.18.4:23
- 22#.##.193.236:23
- 17#.##.232.71:23
- 17#.##3.244.222:23
- 16#.##5.166.119:23
- 11#.##6.155.5:23
- 88.##9.46.1:23
- 87.###.254.233:23
- 19#.##1.193.109:23
- 22#.##5.226.179:23
- 45.###.40.115:23
- 21#.#9.19.98:23
- 81.###.90.238:23
- 66.##9.6.17:23
- 13#.##7.50.107:23
- 17#.#.139.60:23
- 19#.#6.17.87:23
- 10#.##.178.168:23
- 20#.##8.220.87:23
- 14.##.190.229:23
- 62.##.13.234:23
- 19#.##.110.214:23
- 96.##.79.145:23
- 39.##.14.73:23
- 11#.##.155.228:23
- 14#.##6.135.140:23
- 17#.##9.23.22:23
- 59.##.254.74:23
- 21#.##7.203.73:23
- 19#.##.250.235:23
- 14#.##7.205.80:23
- 19#.##.123.76:23
- 42.##0.8.204:23
- 10#.##4.13.28:23
- 10#.##0.199.93:23
- 23.##.30.21:23
- 19#.##3.13.28:23
- 14#.##4.83.81:23
- 10#.##.83.160:23
- 87.###.117.71:23
- 53.##.55.88:23
- 9.###.216.216:23
- 87.##.202.62:23
- 16#.##1.253.45:23
- 20#.##2.107.11:23
- 12#.##0.238.10:23
- 95.###.241.81:23
- 5.###.67.95:23
- 17#.##4.155.228:23
- 18#.#9.1.26:23
- 15#.##.23.246:23
- 18#.##0.158.199:23
- 12#.##7.236.31:23
- 78.###.49.135:23
- 18#.##3.104.15:23
- 20#.##9.161.146:23
- 81.###.60.235:23
- 14#.##2.120.233:23
- 51.##.173.245:23
- 11#.##.135.101:23
- 52.###.204.220:23
- 14#.##7.110.195:23
- 5.###.180.15:23
- 19#.##.91.175:23
- 10#.##2.169.94:23
- 44.###.96.243:23
- 41.###.178.36:23
- 95.###.111.191:23
- 16#.##6.198.146:23
- 66.##5.16.40:23
- 54.##.162.21:23
- 10#.##.164.36:23
- 16#.#3.97.90:23
- 15#.##6.19.201:23
- 17#.##0.70.185:23
- 13#.##.95.244:23
- 22#.##4.22.70:23
- 88.#.210.157:23
- 12#.##5.117.226:23
- 86.###.211.222:23
- 95.##0.3.185:23
- 15#.##6.108.220:23
- 11#.##.51.243:23
- 16#.##9.181.68:23
- 32.###.56.177:23
- 21#.##.236.138:23
- 18#.##1.133.159:23
- 13#.##2.143.108:23
- 27.###.25.205:23
- 12#.#.38.142:23
- 22#.##.246.140:23
- 19#.##1.34.255:23
- 90.##.232.15:23
- 13.##.223.116:23
- 18#.#7.14.50:23
- 18#.##.154.24:23
- 21#.##3.255.240:23
- 48.##.154.40:23
- 94.###.149.136:23
- 15#.##.244.116:23
- 37.##.220.146:23
- 17.##6.87.39:23
- 95.##.244.94:23
- 4.##.79.106:23
- 78.##.203.126:23
- 14#.##.12.122:23
- 12#.##2.72.167:23
- 15#.#.50.144:23
- 32.###.91.165:23
- 94.##3.5.19:23
- 12#.##.147.165:23
- 94.###.173.49:23
- 13#.#.204.95:23
- 12#.##5.254.208:23
- 18#.##.92.210:23
- 70.##7.22.94:23
- 14#.##5.9.157:23
- 43.###.254.75:23
- 22#.##.221.103:23
- 14#.##.108.244:23
- 73.##.209.200:23
- 18#.##.87.104:23
- 13#.#.127.211:23
- 75.###.223.68:23
- 16#.#3.48.26:23
- 13#.##3.61.204:23
- 61.##.0.144:23
- 19#.##5.245.122:23
- 21#.##7.93.219:23
- 18#.##4.167.107:23
- 14#.#7.57.99:23
- 36.##.189.98:23
- 22#.##6.221.100:23
- 12.###.35.143:23
- 21#.#.151.201:23
- 60.#.115.191:23
- 20#.##4.17.21:23
- 20#.##.140.113:23
- 20#.##0.214.225:23
- 10#.##3.237.28:23
- 8.###.179.67:23
- 77.###.36.152:23
- 21#.#0.149.1:23
- 92.##.63.53:23
- 57.##.170.204:23
- 17#.##9.155.220:23
- 17#.##0.37.38:23
- 87.###.115.126:23
- 96.##.102.89:23
- 63.##.214.64:23
- 12.##.96.9:23
- 14#.##.83.241:23
- 12#.##8.16.180:23
- 5.###.147.237:23
- 21#.#7.8.160:23
- 13#.#.196.235:23
- 76.##3.4.71:23
- 17#.##0.86.227:23
- 18#.##.82.130:23
- 69.##.255.34:23
- 13#.##6.30.49:23
- 18#.##.73.204:23
- 91.###.56.226:23
- 12#.#6.67.67:23
- 19.###.70.109:23
- 16#.##0.106.43:23
- 51.#.200.180:23
- 94.###.252.28:23
- 65.##7.80.4:23
- 14#.##.219.192:23
- 12#.##4.133.94:23
- 13#.##.11.158:23
- 84.##.250.114:23
- 16#.##.183.67:23
- 21#.#10.75.9:23
- 69.##.24.238:23
- 22#.##8.75.147:23
- 10#.##1.180.20:23
- 24.###.197.21:23
- 10#.##.197.10:23
- 19#.##.148.105:23
- 15#.##2.22.171:23
- 24.###.92.165:23
- 17#.#.214.49:23
- 99.###.171.237:23
- 15#.##.103.20:23
- 48.##.105.24:23
- 15#.##1.124.248:23
- 77.##.116.136:23
- 14#.##0.197.223:23
- 20#.##6.73.85:23
- 20#.##.201.67:23
- 11#.#4.94.50:23
- 77.##.201.73:23
- 12#.##7.121.249:23
- 15#.##5.169.211:23
- 12#.##6.93.107:23
- 80.##2.4.242:23
- 98.###.102.66:23
- 69.###.55.183:23
- 8.###.177.21:23
- 67.##.247.43:23
- 12#.#.195.128:23
- 59.##.203.121:23
- 44.###.176.190:23
- 19.##.244.92:23
- 16#.#0.85.6:23
- 4.###.40.58:23
- 20.##.123.81:23
- 17.##.89.252:23
- 17#.##4.114.42:23
- 17#.##2.28.193:23
- 90.###.198.106:23
- 89.###.183.93:23
- 59.###.176.116:23
- 22#.##.141.13:23
- 77.###.22.134:23
- 11#.##.27.152:23
- 23.###.150.168:23
- 19#.##0.168.142:23
- 39.###.160.38:23
- 48.###.227.245:23
- 14#.##3.238.122:23
- 14#.#.87.157:23
- 15#.##.247.40:23
- 20#.##9.217.231:23
- 9.###.182.28:23
- 17#.#6.8.143:23
- 22#.##0.39.22:23
- 54.##2.6.95:23
- 13#.##6.5.203:23
- 15#.##.222.206:23
- 21#.##.240.219:23
- 20.###.63.146:23
- 15#.##4.162.154:23
- 60.###.48.208:23
- 19#.##.83.174:23
- 15#.##5.175.133:23
- 16#.##9.116.76:23
- 13.##.211.140:23
- 20#.##2.172.50:23
- 73.###.221.20:23
- 62.###.99.132:23
- 90.###.77.252:23
- 18.##8.31.73:23
- 18#.##6.99.110:23
- 9.###.123.66:23
- 11#.##.215.52:23
- 98.##.15.74:23
- 14#.##5.226.0:23
- 21#.##4.247.123:23
- 13#.##8.129.127:23
- 24.###.194.170:23
- 21#.##.240.241:23
- 11#.##7.140.25:23
- 19#.##3.49.164:23
- 15#.##2.157.14:23
- 53.###.130.99:23
- 13#.##2.19.139:23
- 98.###.255.229:23
- 17#.##6.25.154:23
- 15#.##0.130.157:23
- 46.##.12.213:23
- 13#.##.174.53:23
- 63.##.16.34:23
- 16#.##.43.221:23
- 13#.##3.157.110:23
- 39.###.17.129:23
- 10#.#7.19.51:23
- 9.###.155.225:23
- 17#.##.106.113:23
- 21#.##6.43.71:23
- 16#.##6.104.230:23
- 19#.##.53.251:23
- 13#.##0.197.62:23
- 12#.##8.234.44:23
- 53.###.153.231:23
- 32.##6.29.13:23
- 10#.##.192.87:23
- 14#.##2.92.53:23
- 62.##.161.124:23
- 31.##0.27.63:23
- 94.###.41.190:23
- 21#.##7.245.56:23
- 20#.##7.11.207:23
Receives data from the following servers:
- 19#.#.81.97:8932
