Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- (null)
Kills system processes:
- sshd
Kills the following processes:
- exim4
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:2174
Establishes connection:
- 8.#.8.8:53
- 13#.##.64.122:53
- 94.###.83.102:12381
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
- na###ne.pirate
Sends data to the following servers:
- 94.###.83.102:12381
- 20#.##.183.70:23
- 11#.#9.92.44:23
- 13#.##.231.60:23
- 20#.##0.34.248:23
- 35.###.108.119:23
- 10#.##1.174.237:23
- 12#.##4.198.79:23
- 18#.##.122.221:23
- 15#.#.26.115:23
- 31.##.109.27:23
- 35.##.117.164:23
- 37.###.127.97:23
- 20#.##5.26.208:23
- 63.###.208.101:23
- 13.##.137.1:23
- 20#.#8.1.163:23
- 5.###.120.161:23
- 45.#.229.194:23
- 75.##.17.76:23
- 34.#.31.83:23
- 11#.##7.45.35:23
- 97.###.177.120:23
- 19#.##4.176.147:23
- 17#.##.164.208:23
- 16#.##5.232.85:23
- 15#.##9.140.70:23
- 97.##.246.22:23
- 87.##.39.149:23
- 11#.##2.229.45:23
- 5.##.250.106:23
- 16#.##.56.188:23
- 21#.#5.19.99:23
- 25.##.222.217:23
- 94.###.164.46:23
- 10#.##.210.81:23
- 18.##.174.76:23
- 40.##.102.2:23
- 93.##.22.122:23
- 17#.#8.19.87:23
- 19#.##5.160.60:23
- 15#.##2.62.104:23
- 71.##.222.71:23
- 82.##.150.199:23
- 69.###.208.209:23
- 67.##.40.30:23
- 15#.#.17.107:23
- 74.###.102.253:23
- 16#.##.162.48:23
- 16#.##9.18.132:23
- 14#.#4.75.40:23
- 16#.##5.101.117:23
- 95.##0.89.17:23
- 11#.##5.35.90:23
- 47.###.155.71:23
- 13#.##.133.229:23
- 14#.##6.78.160:23
- 12#.#4.61.29:23
- 16#.##.56.105:23
- 96.##.146.20:23
- 66.###.242.231:23
- 10#.##3.60.130:23
- 18#.##4.31.53:23
- 18#.##3.166.213:23
- 18#.##9.209.61:23
- 15#.#0.71.0:23
- 15#.#0.46.40:23
- 14#.##1.249.237:23
- 14#.##5.127.49:23
- 44.##.109.86:23
- 11#.##8.229.151:23
- 15#.##1.7.146:23
- 14#.##0.184.169:23
- 27.###.212.127:23
- 13#.##0.32.119:23
- 19#.#.5.243:23
- 71.###.197.57:23
- 11#.##7.240.164:23
- 20#.##1.85.191:23
- 11#.##1.129.218:23
- 10#.##.232.58:23
- 10#.##.45.230:23
- 11#.##9.239.198:23
- 10#.##7.224.154:23
- 18#.##0.45.208:23
- 15#.##2.44.212:23
- 20#.##.144.179:23
- 54.##.22.110:23
- 15#.##6.44.109:23
- 19#.##.229.170:23
- 73.###.16.105:23
- 14#.#5.46.72:23
- 64.###.249.197:23
- 79.##.1.192:23
- 19#.#.123.57:23
- 20#.##9.245.63:23
- 15#.##.144.124:23
- 90.###.189.164:23
- 13#.##0.15.244:23
- 78.###.176.65:23
- 85.###.23.221:23
- 25.##2.79.60:23
- 19.###.242.158:23
- 80.###.46.158:23
- 21#.##8.151.4:23
- 20#.##5.86.44:23
- 99.##.36.123:23
- 13#.##1.164.153:23
- 18#.##4.131.241:23
- 15#.##.75.243:23
- 15#.##6.223.83:23
- 21#.##3.161.179:23
- 54.###.245.132:23
- 5.##.57.221:23
- 22#.##0.55.14:23
- 8.###.208.222:23
- 61.##3.6.137:23
- 15#.#73.6.36:23
- 12#.#54.94.9:23
- 34.###.24.186:23
- 19#.##0.30.139:23
- 83.###.248.66:23
- 18#.##4.124.56:23
- 32.###.17.196:23
- 14#.##9.239.155:23
- 92.###.180.46:23
- 19.##.125.201:23
- 16#.##3.86.218:23
- 84.##.210.166:23
- 18.###.102.15:23
- 10#.##.93.194:23
- 22#.##3.68.29:23
- 83.##.211.223:23
- 19#.##9.211.87:23
- 1.##.114.134:23
- 47.##.139.60:23
- 10#.##.106.197:23
- 82.##.222.178:23
- 72.##.137.2:23
- 19#.#6.55.86:23
- 11#.##2.179.113:23
- 13.###.254.82:23
- 10#.##.19.220:23
- 15#.##5.126.95:23
- 10#.##1.40.224:23
- 11#.##6.75.215:23
- 20#.##0.212.120:23
- 14#.##6.199.145:23
- 18.###.209.10:23
- 12#.##4.18.18:23
- 18#.##5.108.39:23
- 20#.##4.199.65:23
- 18#.#.8.241:23
- 15#.##0.22.113:23
- 18#.#5.46.25:23
- 21#.##4.65.15:23
- 11#.##5.233.91:23
- 13#.##5.128.187:23
- 40.##4.22.5:23
- 10#.##.190.144:23
- 15#.##4.106.44:23
- 19#.#0.102.1:23
- 11#.##.104.169:23
- 18#.##2.109.134:23
- 11#.##.210.170:23
- 17#.#3.158.5:23
- 23.###.112.51:23
- 15#.##5.152.117:23
- 41.##.76.123:23
- 62.###.208.158:23
- 13#.##.237.70:23
- 51.##.168.33:23
- 10#.##4.173.179:23
- 19#.##8.36.232:23
- 91.##.242.27:23
- 1.##.30.254:23
- 67.###.133.165:23
- 11#.##5.42.152:23
- 19#.##4.106.201:23
- 46.###.194.213:23
- 10#.##3.158.187:23
- 22#.##.94.137:23
- 14#.##5.196.160:23
- 78.###.186.96:23
- 17#.##7.213.185:23
- 15#.#1.66.42:23
- 16#.##4.236.228:23
- 17#.##7.226.188:23
- 32.###.144.126:23
- 58.###.77.234:23
- 10#.##9.16.42:23
- 19#.##.101.25:23
- 65.##.45.28:23
- 14#.##1.205.195:23
- 10#.#.25.166:23
- 38.###.219.127:23
- 13#.##5.113.20:23
- 22#.#.30.192:23
- 16#.#.205.204:23
- 18#.##.251.118:23
- 20#.##5.15.80:23
- 47.##.66.15:23
- 91.###.194.197:23
- 18#.##2.221.185:23
- 70.##.236.26:23
- 21#.##4.119.114:23
- 10#.#.39.122:23
- 11#.##4.33.82:23
- 13.###.153.13:23
- 21#.##.208.43:23
- 22#.##.232.216:23
- 18#.##2.73.99:23
- 19#.#.146.116:23
- 15#.##.157.188:23
- 12#.##6.154.245:23
- 18#.##.91.248:23
- 10#.##9.181.32:23
- 54.##.238.73:23
- 8.#.1.99:23
- 20#.##4.81.130:23
- 93.###.247.56:23
- 19#.##.250.218:23
- 20#.##6.242.225:23
- 87.###.18.176:23
- 15#.##.230.57:23
- 64.###.188.39:23
- 63.##.190.125:23
- 35.##.125.168:23
- 19#.##1.150.102:23
- 16#.##4.207.109:23
- 32.###.26.195:23
- 18#.##.162.162:23
- 18#.##2.72.91:23
- 19#.##.228.159:23
- 22#.##6.245.182:23
- 16#.##2.216.152:23
- 38.##.21.206:23
- 14#.##5.35.21:23
- 20#.##0.239.126:23
- 14#.##5.200.187:23
- 25.##0.6.153:23
- 71.###.52.112:23
- 11#.##.169.154:23
- 92.##3.86.63:23
- 12#.##.166.190:23
- 78.##.187.212:23
- 10#.#2.20.28:23
- 15#.##3.91.23:23
- 87.###.221.133:23
- 73.###.143.178:23
- 88.###.212.192:23
- 16#.##.23.214:23
- 20.###.249.158:23
- 17#.##6.95.79:23
- 14#.##3.80.184:23
- 80.##.55.209:23
- 11#.##.231.41:23
- 36.##.139.197:23
- 11#.##0.143.60:23
- 14#.#6.74.37:23
- 13#.##1.221.143:23
- 15#.##2.10.102:23
- 15#.##3.205.65:23
- 50.###.233.127:23
- 11#.##1.116.55:23
- 17#.##8.101.226:23
- 93.###.90.172:23
- 53.###.172.64:23
- 4.#.#4.162:23
- 14#.##2.77.130:23
- 84.##2.17.58:23
- 15#.##3.173.42:23
- 18.##9.26.92:23
- 18#.##2.231.107:23
- 81.##.90.170:23
- 11#.##.165.228:23
- 16#.##0.61.47:23
- 13#.##1.196.197:23
- 16#.#7.70.8:23
- 17#.#6.3.122:23
- 19#.##9.49.173:23
- 84.##.6.72:23
- 14#.##0.121.249:23
- 17#.##2.13.147:23
- 74.##0.24.88:23
- 14#.##4.118.204:23
- 17#.##1.255.65:23
- 65.##1.255.0:23
- 16#.##9.89.169:23
- 12#.##4.213.3:23
- 17#.##5.4.208:23
- 48.##.160.100:23
- 53.##.17.71:23
- 17#.##.153.204:23
- 77.##.44.80:23
- 17#.##7.96.109:23
- 11#.##7.112.227:23
- 9.##.104.49:23
- 83.##.20.95:23
- 14#.##7.214.45:23
- 13#.##3.236.175:23
- 5.##.173.167:23
- 14#.##4.253.65:23
- 25.###.39.244:23
- 35.##.41.68:23
- 44.###.51.134:23
- 44.##.60.187:23
- 4.###.149.150:23
- 10#.##.206.152:23
- 66.##3.6.237:23
- 11#.##.34.159:23
- 17#.##6.92.74:23
- 10#.##1.151.37:23
- 20.###.253.164:23
- 87.###.196.228:23
- 46.##.36.115:23
- 11#.##.123.255:23
- 88.###.255.220:23
- 41.###.210.57:23
- 14#.##6.108.85:23
- 12#.##.227.30:23
- 22#.#.103.91:23
- 13#.##.40.198:23
- 73.##.62.164:23
- 14#.#1.38.94:23
- 11#.##8.185.65:23
- 70.###.42.127:23
- 82.##.144.183:23
- 10#.##9.165.153:23
- 20#.##0.67.113:23
- 15#.##1.34.200:23
- 72.###.38.187:23
- 19#.##9.85.129:23
- 20#.##2.240.203:23
- 12#.##.104.16:23
- 11#.##5.83.58:23
- 8.###.129.37:23
- 54.##5.43.55:23
- 22#.##4.164.215:23
- 20#.##1.118.219:23
- 21#.##.52.133:23
- 20#.##6.255.83:23
- 18#.##2.34.90:23
- 40.###.110.155:23
- 99.##.137.180:23
- 12.##.5.20:23
- 20#.##1.249.135:23
- 14#.##.199.55:23
Receives data from the following servers:
- 94.###.83.102:12381
