Technical Information
Malicious functions:
Substitutes application name for:
- t2hdnii6nfw1
Launches processes:
- sh -c mkdir /htmdkr4aewmd/ && >/htmdkr4aewmd/htmdkr4aewmd && cd /htmdkr4aewmd/
- mkdir /htmdkr4aewmd/
- sh -c mv <SAMPLE_FULL_PATH> /htmdkr4aewmd/htmdkr4aewmd; chmod 777 /htmdkr4aewmd/htmdkr4aewmd
- mv <SAMPLE_FULL_PATH> /htmdkr4aewmd/htmdkr4aewmd
- chmod 777 /htmdkr4aewmd/htmdkr4aewmd
Performs operations with the file system:
Modifies file access rights:
- /htmdkr4aewmd/htmdkr4aewmd
Creates folders:
- /htmdkr4aewmd
Creates or modifies files:
- /htmdkr4aewmd/htmdkr4aewmd
- <SAMPLE_FULL_PATH>
Network activity:
Establishes connection:
- 8.#.8.8:53
- 94.###.57.241:1339
- 43.###.31.172:26
- 18#.##1.249.89:2223
- 45.###.78.216:26
- 45.##.233.123:26
- 15#.##0.125.5:26
- 10#.##4.95.174:2223
- 14#.##.211.79:2223
- 27.###.88.180:2223
- 22#.##4.32.159:26
- 22#.###.211.122:2223
- 11#.##6.93.206:26
- 15#.##.69.236:26
- 10#.##.145.235:2223
- 14#.###.195.213:2223
- 37.###.130.100:2223
- 13#.##0.144.20:26
- 45.##.227.158:26
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Attacks using a special dictionary (brute-force technique) via an undefined protocol.
Sends data to the following servers:
- 94.###.57.241:1339
- 35.##.223.217:26
- 85.###.207.164:2223
- 60.###.72.27:2223
Receives data from the following servers:
- 94.###.57.241:1339
- 22#.###.211.122:2223
