Техническая информация
Вредоносные функции:
Запускает себя в качестве демона
Подменяет имя приложения на:
- e28081
Сетевая активность:
Ожидает входящих соединений на портах:
- 127.0.0.1:33337
Устанавливает соединение:
- 8.#.8.8:53
- 45.###.232.208:33335
Проводит атаку перебором по словарю (брутфорс) по протоколу Telnet.
DNS ASK:
- ro##me.xyz
Посылает данные следующим серверам:
- 45.###.232.208:33335
- 29.##.233.15:23
- 71.###.212.192:23
- 74.###.100.149:23
- 12#.##3.93.176:23
- 30.###.10.183:23
- 19#.##.255.145:23
- 24#.##9.141.133:23
- 72.##.134.55:23
- 22#.##5.103.136:23
- 21#.##.15.160:23
- 20#.##9.33.26:23
- 12#.##4.46.211:23
- 61.###.21.156:23
- 19#.##.90.130:23
- 23#.##2.24.198:23
- 84.##5.87.8:23
- 15#.##3.78.166:23
- 14#.##.149.206:23
- 24#.##2.224.59:23
- 73.##.39.44:23
- 23#.##.36.232:23
- 45.##1.56.23:23
- 6.#.#07.48:23
- 59.###.186.185:23
- 18#.##0.237.224:23
- 75.###.90.158:23
- 16#.##4.123.45:23
- 20.###.150.191:23
- 10#.##1.61.150:23
- 24#.##.57.246:23
- 10#.##6.124.233:23
- 11#.##.80.151:23
- 37.###.108.136:23
- 70.###.221.161:23
- 24#.##3.158.169:23
- 24#.##3.147.75:23
- 24#.##2.140.126:23
- 36.###.166.124:23
- 24#.##7.253.79:23
- 19#.##7.101.218:23
- 16#.##8.250.93:23
- 28.###.152.252:23
- 15#.##2.139.94:23
- 22#.#1.67.80:23
- 11#.#.93.80:23
- 16#.##6.85.212:23
- 12#.#.4.166:23
- 91.##.74.93:23
- 89.###.73.214:23
- 23#.##2.101.117:23
- 5.###.64.130:23
- 37.###.220.167:23
- 16#.##2.7.174:23
- 68.##.86.43:23
- 14#.##5.82.135:23
- 21.###.130.74:23
- 23#.##0.73.213:23
- 71.##.3.224:23
- 33.##.48.163:23
- 83.###.165.198:23
- 78.##.159.224:23
- 83.###.167.20:23
- 16#.#.11.96:23
- 24#.##.210.114:23
- 17#.##6.114.134:23
- 18#.##8.21.159:23
- 13.###.161.150:23
- 87.###.22.195:23
- 14#.##5.244.250:23
- 22.##.68.92:23
- 21#.##6.25.212:23
- 59.##.97.64:23
- 5.###.116.182:23
- 17#.##6.100.198:23
- 65.###.107.88:23
- 10#.#8.22.6:23
- 19#.##9.197.91:23
- 19#.##.199.54:23
- 10#.##.141.195:23
- 17#.##3.47.232:23
- 74.#.56.249:23
- 23.##.255.154:23
- 17#.##.239.206:23
- 11#.##.229.224:23
- 10#.##8.98.131:23
- 24#.##.202.137:23
- 98.###.46.210:23
- 73.##.68.160:23
- 78.##.22.141:23
- 19#.#5.41.53:23
- 85.##.137.152:23
- 22#.##2.33.112:23
- 17#.##9.243.142:23
- 11#.##6.183.171:23
- 62.###.163.229:23
- 13#.##0.161.218:23
- 34.###.40.182:23
- 80.##.210.6:23
- 19#.##0.123.168:23
- 12#.##.65.222:23
- 11#.##0.60.108:23
- 62.##.24.1:23
- 21#.##4.130.162:23
- 11#.##.236.155:23
- 14#.##3.117.37:23
- 11#.##.183.170:23
- 90.##.128.25:23
- 15.#.55.150:23
- 75.###.197.132:23
- 13#.#0.5.13:23
- 10#.##.112.107:23
- 91.###.168.102:23
- 19#.##.40.178:23
- 17.##.21.36:23
- 13#.##7.55.95:23
- 21.##.95.235:23
- 61.###.156.108:23
- 17#.##3.219.59:23
- 14#.##.253.24:23
- 19#.##6.64.190:23
- 23#.#0.86.4:23
- 23#.##7.58.255:23
- 17#.##1.103.82:23
- 13#.##6.33.157:23
- 96.##.49.130:23
- 23#.##6.89.228:23
- 20#.##1.161.41:23
- 85.##.180.150:23
- 24#.##3.250.81:23
- 88.###.29.207:23
- 21#.##.92.135:23
- 19#.##.243.164:23
- 22#.##0.49.51:23
- 13#.##1.190.126:23
- 17#.##5.222.102:23
- 99.###.24.216:23
- 13#.##1.84.181:23
- 24#.#.123.106:23
- 19#.##4.202.235:23
- 13#.##.129.78:23
- 20#.##9.43.159:23
- 63.###.126.91:23
- 47.###.210.65:23
- 22#.##.60.223:23
- 18#.#.240.16:23
- 91.###.76.247:23
- 20#.##3.53.147:23
- 12#.##4.40.223:23
- 25#.##4.30.37:23
- 21#.##1.79.148:23
- 19.###.203.154:23
- 96.##.46.164:23
- 14#.##0.183.50:23
- 31.##.233.142:23
- 20#.##.48.116:23
- 17#.##.235.38:23
- 25#.##.106.124:23
- 14#.##.156.75:23
- 24.###.77.101:23
- 75.###.241.79:23
- 18#.##6.50.44:23
- 68.##.94.150:23
- 83.###.126.253:23
- 89.###.21.173:23
- 10#.##.187.118:23
- 75.##2.20.10:23
- 20#.##2.157.43:23
- 70.###.246.34:23
- 11#.##.238.169:23
- 13#.##.223.219:23
- 59.###.71.235:23
- 18#.##6.218.252:23
- 11#.##.219.22:23
- 22#.##.138.127:23
- 16#.##1.113.103:23
- 24#.#5.71.74:23
- 18.##.146.226:23
- 18#.##.141.155:23
- 38.###.210.117:23
- 5.##.167.88:23
- 39.##6.37.41:23
- 20#.#.90.133:23
- 18.##.201.112:23
- 14#.##3.220.252:23
- 61.###.125.238:23
- 21#.##5.37.178:23
- 95.##.108.82:23
- 38.##.67.144:23
- 15#.##7.45.176:23
- 50.##6.12.57:23
- 5.###.182.232:23
- 21#.##7.136.60:23
- 13#.##2.227.27:23
- 15#.##.225.193:23
- 17#.##.166.220:23
- 90.##.205.205:23
- 18#.#.70.68:23
- 11#.##5.57.56:23
- 26.###.151.174:23
- 19#.##1.100.151:23
- 19#.##.219.157:23
- 11.##.152.102:23
- 91.###.144.158:23
- 21#.##3.96.122:23
- 18.###.203.125:23
- 4.##.113.38:23
- 18#.#.149.253:23
- 53.###.148.10:23
- 42.##.20.231:23
- 21#.##.166.165:23
- 16#.##1.47.219:23
- 23#.##.154.245:23
- 13#.##8.173.103:23
- 12.##4.85.11:23
- 18#.##5.136.11:23
- 25#.##4.156.101:23
- 12.##.107.250:23
- 69.###.223.82:23
- 21#.##.137.222:23
- 49.##.24.24:23
- 10#.#33.9.37:23
- 15#.#6.66.70:23
- 24#.##.216.140:23
- 12#.##0.200.140:23
- 10#.##4.53.160:23
- 54.###.87.122:23
Получает данные от следующих серверов:
- 45.###.232.208:33335
