Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- (null)
Kills system processes:
- sshd
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:2174
Establishes connection:
- 8.#.8.8:53
- 94.###.43.254:53
- 19#.#.81.97:1114
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
- na###ne.pirate
Sends data to the following servers:
- 19#.#.81.97:1114
- 90.##.243.237:23
- 17#.##1.215.117:23
- 35.###.12.216:23
- 17.##.16.170:23
- 13#.##.128.92:23
- 86.##.236.239:23
- 16#.##9.215.249:23
- 13#.##4.95.23:23
- 12#.##7.141.12:23
- 71.##.215.69:23
- 10#.##5.98.252:23
- 11#.##3.197.23:23
- 16#.#9.30.19:23
- 85.##.223.252:23
- 20#.##1.224.80:23
- 13#.##7.119.252:23
- 21#.##3.70.170:23
- 17#.##8.19.78:23
- 22#.##0.241.68:23
- 16#.##2.254.131:23
- 18#.#3.11.70:23
- 14.##5.82.5:23
- 49.##.34.237:23
- 21#.##.48.215:23
- 16#.##6.65.205:23
- 21#.##1.112.86:23
- 48.###.110.218:23
- 16#.##2.194.252:23
- 80.##.107.152:23
- 20#.##.171.158:23
- 80.###.176.240:23
- 43.#.125.115:23
- 74.###.146.96:23
- 19#.##.209.134:23
- 87.##.155.152:23
- 68.##1.31.81:23
- 32.##.97.194:23
- 19#.#57.80.5:23
- 14#.##.103.64:23
- 15#.#3.43.38:23
- 20#.##4.2.196:23
- 50.###.78.231:23
- 83.###.163.237:23
- 39.###.90.148:23
- 86.##.236.150:23
- 2.###.96.156:23
- 85.###.75.121:23
- 48.##.84.240:23
- 18#.##1.216.132:23
- 15#.##4.134.221:23
- 20#.##4.216.111:23
- 18#.##2.161.98:23
- 77.##0.1.7:23
- 62.##0.53.26:23
- 19#.##4.179.28:23
- 20.##1.167.8:23
- 13#.##.182.88:23
- 86.###.25.235:23
- 82.##.166.209:23
- 16#.##.123.185:23
- 10#.##.103.209:23
- 57.##.67.143:23
- 15#.##2.101.224:23
- 52.###.248.126:23
- 17#.##4.85.191:23
- 12#.##.26.155:23
- 19#.##.127.172:23
- 50.##.111.21:23
- 17#.##.219.24:23
- 95.##.133.57:23
- 14#.##8.195.13:23
- 12#.##4.179.26:23
- 11#.##.237.48:23
- 21#.##5.144.252:23
- 13#.##2.146.137:23
- 25.###.154.153:23
- 19#.##0.65.78:23
- 18.##.180.152:23
- 77.##.189.42:23
- 87.###.28.105:23
- 27.###.207.120:23
- 11#.#3.41.19:23
- 10#.##9.164.215:23
- 45.##1.1.192:23
- 13#.##7.72.66:23
- 92.##.169.154:23
- 14#.##.221.102:23
- 14.###.132.51:23
- 18#.##0.2.171:23
- 17#.##0.77.48:23
- 17#.##2.112.122:23
- 58.##.210.140:23
- 17#.##.112.108:23
- 20#.#3.93.87:23
- 10#.##7.173.82:23
- 13#.##.218.160:23
- 1.##.123.235:23
- 53.##0.64.50:23
- 20#.#13.40.3:23
- 85.##.126.13:23
- 57.##.231.181:23
- 15#.##0.107.189:23
- 20#.##9.14.206:23
- 11#.##.49.171:23
- 41.##.134.64:23
- 16#.##1.62.196:23
- 43.###.199.183:23
- 80.#.96.198:23
- 42.#.37.104:23
- 2.###.67.215:23
- 90.##.34.115:23
- 47.###.92.252:23
- 44.###.175.52:23
- 35.##6.1.249:23
- 73.##.230.143:23
- 18#.#7.74.43:23
- 20#.##5.93.172:23
- 12.###.238.113:23
- 20#.##0.174.152:23
- 93.###.50.129:23
- 16#.##6.118.134:23
- 12#.##7.107.177:23
- 44.##.223.72:23
- 43.###.214.180:23
- 81.##.99.223:23
- 14#.#.0.103:23
- 19#.##5.58.239:23
- 19#.##7.221.145:23
- 19#.##5.188.215:23
- 19#.##.19.147:23
- 18#.#55.12.5:23
- 18#.#8.129.5:23
- 13#.##.197.110:23
- 4.###.145.170:23
- 17#.##.198.87:23
- 21#.##.87.136:23
- 16#.##.49.118:23
- 11#.#26.4.80:23
- 18#.##9.197.132:23
- 18#.#29.36.8:23
- 15#.##2.36.164:23
- 14#.##3.172.113:23
- 89.##.40.75:23
- 49.###.192.200:23
- 37.###.70.109:23
- 15#.##.222.54:23
- 54.##.133.255:23
- 64.###.159.91:23
- 54.##.14.31:23
- 20#.##2.154.195:23
- 12#.#.153.47:23
- 93.##4.3.252:23
- 12#.##.194.192:23
- 69.###.158.34:23
- 21#.##4.137.94:23
- 24.##.31.32:23
- 16#.##6.133.20:23
- 13#.##.39.234:23
- 13#.##9.244.31:23
- 75.##.30.126:23
- 21#.##9.119.10:23
- 70.###.227.30:23
- 80.##.239.171:23
- 8.###.197.97:23
- 31.###.65.176:23
- 13#.##.77.240:23
- 25.##2.75.7:23
- 76.##.91.204:23
- 87.##.222.199:23
- 13#.##6.33.147:23
- 11#.##1.241.174:23
- 22#.##.96.171:23
- 60.##.67.68:23
- 10#.##8.49.113:23
- 14#.##.179.119:23
- 36.##6.6.38:23
- 18#.##.131.65:23
- 21#.##9.71.68:23
- 20#.##9.46.226:23
- 21#.##.233.90:23
- 14#.#62.6.33:23
- 13#.##3.121.74:23
- 12#.##2.43.215:23
- 62.##.231.205:23
- 12#.##6.88.135:23
- 44.##.105.23:23
- 41.##4.47.92:23
- 21#.#0.30.45:23
- 59.###.155.115:23
- 10#.##5.217.187:23
- 15#.##.12.196:23
- 92.##9.50.99:23
- 69.###.105.247:23
- 11#.##0.31.66:23
- 19#.##0.230.43:23
- 10#.#6.53.56:23
- 76.#.9.169:23
- 19#.##.254.157:23
- 66.##7.234.0:23
- 54.##.89.40:23
- 18#.##3.183.33:23
- 11#.##8.45.97:23
- 15#.##3.245.173:23
- 21#.##.147.210:23
- 21#.##.248.114:23
- 16#.#7.17.50:23
- 17#.##9.225.53:23
- 18#.##4.233.157:23
- 91.##.245.92:23
- 15#.##3.87.211:23
- 13#.##2.242.175:23
- 10#.##5.87.45:23
- 15#.##1.80.154:23
- 19#.##1.22.248:23
- 20#.##3.86.36:23
- 63.###.254.69:23
- 15#.##.152.113:23
- 14#.##2.238.144:23
- 20#.##2.221.68:23
- 14#.#7.89.87:23
- 21#.##4.172.90:23
- 16#.##9.195.89:23
- 49.##.17.85:23
- 20#.##2.239.131:23
- 14#.##6.165.37:23
- 45.###.206.56:23
- 17#.##1.131.132:23
- 17#.##5.114.26:23
- 17#.##9.168.183:23
- 49.###.88.146:23
- 19#.##3.79.89:23
- 14#.##7.87.165:23
- 18#.##0.13.155:23
- 11#.##0.25.53:23
- 93.###.175.127:23
- 18#.##.101.112:23
- 16#.##.241.149:23
- 17#.##9.112.77:23
- 20#.##4.41.130:23
- 20#.##1.202.142:23
- 14#.##4.230.160:23
- 15#.##0.152.112:23
- 13#.##.253.180:23
- 14#.##2.228.132:23
- 72.##.146.50:23
- 38.###.98.123:23
- 87.###.147.140:23
- 78.###.232.175:23
- 12#.#5.84.77:23
- 11#.#.187.226:23
- 13#.##.218.158:23
- 18#.##.11.171:23
- 18#.##.53.190:23
- 20#.##3.25.98:23
- 13#.##9.118.45:23
- 21#.##.195.136:23
- 18#.##8.14.193:23
- 34.##.194.35:23
- 16#.##7.113.179:23
- 13#.##.142.128:23
- 48.##.84.123:23
- 13#.##.253.101:23
- 20#.##1.201.208:23
- 17#.##.240.253:23
- 72.###.139.85:23
- 13#.##4.58.97:23
- 17#.##1.100.196:23
- 19#.##0.240.104:23
- 16#.##.22.126:23
- 46.###.206.166:23
- 31.##.178.128:23
- 52.##.59.115:23
- 20#.#.97.10:23
- 83.###.217.212:23
- 21#.##0.134.168:23
- 59.##.138.92:23
- 13#.#.80.115:23
- 18#.##3.218.230:23
- 12#.##8.146.25:23
- 2.##.89.97:23
- 87.##.6.5:23
- 19#.##8.12.152:23
Receives data from the following servers:
- 19#.#.81.97:1114
