Technical Information
Malicious functions:
Substitutes application name for:
- bitcoin-scheduler
- bitcoin-http
- bitcoin-httpworker
- bitcoin-loadblk
- bitcoin-torcontrol
- bitcoin-dnsseed
- bitcoin-addcon
- bitcoin-net
- bitcoin-opencon
- bitcoin-msghand
- bitcoin-wallet
Performs operations with the file system:
Creates folders:
- /root/.litecoin
- /root/.litecoin/database
- /root/.litecoin/blocks
- /root/.litecoin/blocks/index
- /root/.litecoin/chainstate
Creates or modifies files:
- /root/.litecoin/.lock
- /root/.litecoin/litecoin.pid
- /root/.litecoin/debug.log
- /root/.litecoin/.cookie
- /root/.litecoin/db.log
- /root/.litecoin/blocks/index/LOG
- /root/.litecoin/blocks/index/LOCK
- /root/.litecoin/blocks/index/MANIFEST-000001
- /root/.litecoin/blocks/index/000001.dbtmp
- /root/.litecoin/blocks/index/000003.log
- /root/.litecoin/blocks/index/MANIFEST-000002
- /root/.litecoin/blocks/index/000002.dbtmp
- /root/.litecoin/chainstate/LOG
- /root/.litecoin/chainstate/LOCK
- /root/.litecoin/chainstate/MANIFEST-000001
- /root/.litecoin/chainstate/000001.dbtmp
- /root/.litecoin/chainstate/000003.log
- /root/.litecoin/chainstate/MANIFEST-000002
- /root/.litecoin/chainstate/000002.dbtmp
- /root/.litecoin/blocks/blk00000.dat
- /root/.litecoin/blocks/rev00000.dat
- /root/.litecoin/database/log.0000000001
- /root/.litecoin/__db.80000001.a04ec590
- /root/.litecoin/wallet.dat
- /root/.litecoin/peers.dat.2158
- /root/.litecoin/banlist.dat.95cb
Deletes files:
- /root/.litecoin/blocks/index/MANIFEST-000001"
- /root/.litecoin/chainstate/MANIFEST-000001"
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:9332
- 0.0.0.0:9333
Establishes connection:
- 127.0.0.1:9051
- <LOCAL_DNS_SERVER>
- 34.##8.72.33:0
- 88.##.153.163:0
- 18#.##1.122.125:0
- 17#.#7.247.71:0
- 95.###.182.182:0
- 13#.##7.190.88:0
- 78.##.25.168:0
- 80.###.226.203:0
- 45.##.35.4:0
- 14#.#6.40.144:0
- 77.###.219.162:0
- 17#.##8.225.137:0
- 85.##.144.226:0
- 17#.#4.15.154:0
- 17#.#0.22.151:0
- 47.##.77.195:0
- 85.##.144.163:0
- 95.###.137.129:0
- 14#.##.183.103:0
- 88.##.192.164:0
- 13#.##3.201.22:0
- 19#.#1.203.99:0
- 72.###.175.233:0
- 21#.#3.130.45:0
- [2##########000:5000:bc5a:72ac:36e9:175e]:0
- [2######20:1:200::587]:0
- [2##########55:98fa:109e:a0fd:2dac:9d0d]:0
- [2##########001:5cf:5400:1ff:fe4f:7239]:0
- [2##########:90d7:3c68:261b:6075:ffb8]:0
- [2#########8:953c:18e8:a80:e70d:86a6]:0
- [2#########8:953c:b5:2311:9744:e618]:0
- [2##########35:5d23:693a:c105:5330:2f33]:0
- [2######8:13b:2f5e::2]:0
- [2##########:9e76:24d8:37d2:bc46:a046]:0
- [2#########8:90d7:4c2:3ade:b82c:6973]:0
- [2######8:13b:2bc3::2]:0
- [2##########:6abd:2495:1976:fa61:db94]:0
- [2##########:90d7:3c9e:3eea:da40:4a4a]:0
- 76.#.245.36:0
- 19#.#95.61.18:0
- 21#.#0.130.72:0
- 5.###.199.75:0
- 10#.##0.213.11:0
- 65.##.110.135:0
- 74.##.93.22:0
- 18#.##3.198.25:0
- 73.##.94.59:0
- 15#.#86.36.86:0
- 46.#.79.187:0
- 85.##.195.161:0
- 54.###.208.190:0
- 94.##0.139.90:0
- 16#.#22.23.73:0
- 94.###.140.225:0
- 39.##4.88.227:0
- 18#.##4.140.155:0
- 10#.##7.155.25:0
- 54.##.23.180:0
- 19#.#0.18.161:0
- 17#.##2.215.105:0
- 73.##.184.110:0
- 15#.##3.126.108:0
- 10#.##.131.205:0
- 10#.##.130.205:0
- [2#######0:2048:1::681b:82cd]:0
- [2#######0:2048:1::681b:83cd]:0
- [2###########5:5d23:693a:c105:5330:2f33]:9333
- 18#.#09.49.52:0
- 16#.##3.216.244:0
- 17#.#1.68.101:0
- 10#.##7.52.103:0
- 18#.##5.252.11:0
- 15#.#9.80.185:0
- 98.##2.36.155:0
- 47.##0.63.114:0
- 19#.##2.228.240:0
- 18#.#2.59.116:0
- 19#.#6.80.101:0
- 18#.##4.128.49:0
- 19#.##4.235.93:0
- 13#.##7.170.98:0
- 19#.##9.146.225:0
- 11#.##3.225.195:0
- 68.##.243.202:0
- 18#.##0.255.98:0
- 79.##5.200.27:0
- 91.##6.2.249:0
- 85.###.167.246:0
- 24.##.222.159:0
- 11#.#0.81.208:0
- [2##########:953c:18e8:a80:e70d:86a6]:9333
- 13.##2.165.64:0
- 17#.#49.1.136:0
- 71.##6.36.191:0
- 21#.#4.96.197:0
- 78.##8.177.38:0
- 13#.#9.126.99:0
- 10#.##5.120.131:0
- 5.###.85.83:0
- 83.##3.211.75:0
- 45.##.17.247:0
- 5.##.123.3:0
- 18#.##0.227.72:0
- 19#.##.143.197:0
- 16#.##3.252.66:0
- 62.##2.83.41:0
- 5.##.64.7:0
- 18.###.111.111:0
- 17#.##.209.135:0
- 37.##7.183.16:0
- 14.##2.121.53:0
- 24.##6.11.113:0
- 94.##.182.43:0
- 17#.#7.240.26:0
- [2#########7:9e76:55:ea0:cb48:8b78]:0
- [2#########7:9e76:4a:919:9ce3:dbd4]:0
- [2#########7:9e76:18ff:55f:27db:e619]:0
- [2##########:9e76:1c1f:10e9:8f2e:e2a4]:0
- [2#########7:9e76:880:9f6:a9f5:d54b]:0
- [2##########:6abd:2836:1529:c2f9:d5ad]:0
- [2#########7:9e76:878:5a8:b616:28a1]:0
- [2#########7:9e76:857:155b:a9f7:3f3e]:0
- [2##########:6ab8:10f2:214d:cd02:f34e]:0
- [2#########7:9e76:482:2e12:b345:8d2a]:0
- [2#########7:9e76:8e:1129:26da:c005]:0
- [2#########7:9e76:88:5605:e773:b3f5]:0
- [2#######c:a11a::2d4c:a11a]:0
- [2#########7:9e76:55:7505:30d4:b09b]:0
- 88.##.187.187:0
- 14#.##0.234.234:0
- 18#.##3.198.25:9333
- 75.##.133.36:0
- 12#.##7.18.230:0
- 21#.##.176.178:0
- 81.##0.177.24:0
- 67.##1.30.188:0
- 71.###.182.231:0
- 18#.#62.9.196:0
- 46.##6.172.87:0
- 21#.#14.71.78:0
- 10#.##9.145.192:0
- 13#.##4.155.115:0
- 82.##.153.158:0
- 5.###.152.60:0
- 17#.##9.53.114:0
- 87.##9.207.89:0
- 86.##0.89.69:0
- 75.##.31.118:0
- 10#.#8.88.59:0
- 34.##2.175.86:0
- 77.###.113.204:0
- 77.##2.70.8:0
- 95.##.175.83:0
- 20#.#61.28.81:0
- 94.##8.72.99:0
- 20#.##2.204.202:0
- 94.##.201.214:0
- [2##########:90d7:3c9e:3eea:da40:4a4a]:9333
- 15#.###.126.108:9333
DNS ASK:
- x9.######.litecoin.loshan.co.uk
- lo###n.co.uk
- x9.####eed.thrasher.io
- th##sher.io
- dn#####.litecointools.com
- li####intools.com
- dn#####.litecoinpool.org
- li####inpool.org
- dn#####.koin-project.com
- ko####roject.com
Sends data to the following servers:
- 18#.##3.198.25:9333
Receives data from the following servers:
- 18#.##3.198.25:9333
Other:
Collects CPU information
