Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
- /etc/rc.local
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
- vbbLYovdAlob
Kills the following processes:
- <SAMPLE>
- vbbLYovdAlob
Network activity:
Awaits incoming connections on ports:
- 19#.###.217.50:58580
Establishes connection:
- 1.#.1.1:53
- 79.###.106.197:9050
- 15#.##9.86.28:80
- 23.###.139.48:80
Attacks using a special dictionary (brute-force technique) via the SSH protocol
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 79.###.106.197:9050
- 22#.##5.130.13:80
- 23#.#4.97.42:80
- 48.##.249.23:80
- 16#.##6.29.53:80
- 18#.##3.92.26:80
- 24#.#9.88.16:80
- 15#.##9.200.92:80
- 22#.##.249.15:80
- 17#.##5.69.240:23
- 63.##.52.89:80
- 47.##0.35.52:80
- 19#.##8.45.18:80
- 19#.##0.37.89:80
- 64.##.214.239:23
- 67.###.94.243:23
- 20#.##3.114.120:23
- 17#.##.148.192:23
- 40.##.31.3:23
- 46.###.86.232:23
- 22#.##.229.244:23
- 57.##.116.153:23
- 94.##8.21.26:23
- 18#.##.194.73:80
- 12.###.218.124:80
- 23#.##3.137.14:80
- 24#.##2.194.109:80
- 19#.#1.9.221:23
- 85.###.133.194:23
- 12#.#3.99.13:80
- 12.###.216.92:80
- 25#.#2.60.56:80
- 11#.##4.214.48:23
- 16#.##2.137.218:23
- 98.##.146.107:80
- 13#.##2.243.42:80
- 25#.##4.137.0:80
- 4.###.195.169:23
- 19#.##1.237.6:23
- 63.##.80.56:80
- 21#.##.220.122:80
- 18#.##4.109.214:23
- 14#.##7.63.20:23
- 17#.##9.77.68:80
- 32.##.37.20:80
- 37.###.241.41:80
- 8.###.75.27:80
- 99.###.140.112:80
- 12#.##.193.90:80
- 22#.#.81.39:80
- 23#.##8.11.57:80
- 15#.##.205.117:80
- 18#.#7.28.34:80
- 15#.##2.17.106:80
- 16#.##7.63.57:80
- 10#.##.105.10:80
- 47.###.106.65:80
- 25#.##4.140.123:80
- 45.###.240.127:80
- 16#.##9.78.52:80
- 17#.#29.5.60:80
- 11#.##.27.112:80
- 27.###.38.115:80
- 10#.##9.182.11:80
- 91.##.206.108:80
- 19.##.66.56:80
- 94.##.131.18:80
- 69.##.47.23:80
- 19#.##1.179.3:80
- 18#.##.96.109:80
- 83.###.120.123:80
- 75.##9.57.25:80
- 22#.##9.249.109:80
- 20#.##6.43.76:80
- 20#.##9.81.126:80
- 72.###.182.114:80
- 23#.##5.215.55:80
- 59.##1.22.79:80
- 18#.#58.5.74:80
- 82.##.233.10:80
- 10#.##3.26.91:80
- 44.##7.175.2:80
- 24#.##5.60.40:80
- 11#.##.243.14:80
- 17#.##.200.55:80
- 91.##.207.19:80
- 12.##.171.84:80
- 11#.##.245.87:80
- 17#.#.19.16:80
- 24.###.131.49:80
- 10#.#1.49.16:80
- 23#.#3.99.72:80
- 24#.##9.95.44:80
- 11#.##5.124.43:80
- 76.###.239.56:80
- 24#.##.231.57:80
- 22#.##7.218.35:80
- 24#.##6.112.58:80
- 19#.#6.23.20:80
- 16#.##3.31.118:80
- 23#.##4.188.46:80
- 92.###.185.97:80
- 17#.#1.26.18:80
- 62.###.216.110:80
- 24#.##.231.117:80
- 73.###.43.124:80
- 10#.##1.59.24:80
- 81.##.38.57:80
- 88.##3.70.93:80
- 23#.#4.24.40:80
- 32.##.82.55:80
- 21#.#2.87.8:80
- 10#.##8.76.44:80
- 14#.#5.178.2:80
- 11#.##.28.124:80
- 13#.#.103.92:80
- 20#.##8.87.115:80
- 20#.##.234.104:80
- 62.##2.13.20:80
- 20#.##.208.62:80
- 22#.##6.42.126:80
- 16#.##9.201.44:80
- 22#.##.154.43:80
- 21#.##5.213.75:80
- 24#.#9.0.20:80
- 90.##.115.121:80
- 11#.##3.27.43:80
- 15#.##.250.24:80
- 15#.##0.124.112:80
- 59.#.183.6:80
- 17#.#3.92.4:80
- 21#.#46.53.6:80
- 19#.#5.173.3:80
- 37.###.230.112:80
- 10#.##3.102.9:80
- 12#.##4.178.77:80
- 18#.#30.7.89:80
- 20#.#.78.16:80
- 76.##.43.94:80
- 17.###.121.25:80
- 15#.##7.217.127:80
- 34.##0.122.5:80
- 20#.##2.139.10:80
- 18#.##.92.110:80
- 42.##.29.36:80
- 14#.##.193.57:80
- 25#.##.221.97:80
- 19#.##6.235.54:80
- 46.#.217.25:80
- 25#.##1.85.41:80
- 91.###.231.32:80
- 13#.##0.49.116:80
- 71.###.204.26:80
- 13#.##.126.17:80
- 15#.##9.86.28:80
- 21#.##3.248.15:80
- 24#.##7.16.126:80
- 27.##.255.52:80
- 15#.#.200.66:80
- 90.###.215.35:80
- 14#.##.175.56:80
- 62.##9.52.40:80
- 13#.#6.176.2:80
- 17#.#0.1.112:80
- 78.##5.87.91:80
- 23.###.139.48:80
- 24#.##0.224.27:80
- 20#.##6.86.40:80
- 23#.#.253.46:80
- 22#.#70.9.94:80
- 85.###.153.68:80
- 12#.#3.89.99:80
- 22#.##0.120.112:80
- 98.##.243.14:80
- 18#.##.205.109:80
- 19#.##1.52.92:80
- 22#.##3.224.113:80
- 22#.##9.228.4:80
- 18#.#.78.60:80
- 25#.##6.237.39:80
- 97.#.151.26:80
- 18#.##1.52.112:80
- 12#.##4.97.117:80
- 11#.##.251.63:80
- 21#.##3.254.15:80
- 15#.##6.71.102:80
- 23#.##.174.13:80
- 16#.##0.76.32:80
- 17.##5.40.19:80
- 57.#.84.107:80
- 24#.##7.235.118:80
- 23#.##.176.111:80
- 17#.##6.232.75:80
- 87.##5.82.0:80
- 20#.##.106.68:80
- 15#.##8.183.72:80
- 25#.##5.19.42:80
- 20#.##1.226.31:80
- 10#.##7.204.25:80
- 11#.#5.67.83:80
- 16.###.126.60:80
- 39.###.81.101:80
- 81.##6.20.20:80
- 18#.##6.111.24:80
- 98.###.169.123:80
- 22#.##6.72.50:80
- 16#.##0.118.22:80
- 15#.##.253.77:80
- 67.##0.80.26:80
- 23#.##0.220.86:80
- 20#.##5.133.38:80
- 18#.##4.65.66:80
- 20#.##1.149.113:80
- 21#.#06.0.96:80
- 19#.##.150.36:80
- 25#.##.118.106:80
- 15#.#7.40.62:80
- 12#.##2.139.15:80
- 78.##.90.17:80
- 22#.#.24.10:80
- 40.#.141.127:80
- 68.#.59.45:80
- 93.###.176.98:80
- 17.###.237.127:80
- 18.##.2.27:80
- 76.###.173.17:80
- 24#.##7.247.93:80
- 10#.##2.155.95:80
- 17#.#3.44.58:80
- 70.###.124.81:80
- 16#.##6.110.50:80
- 16#.##.230.98:80
- 12.#.6.50:80
- 9.###.217.113:80
- 23#.##0.234.54:80
- 98.##5.75.44:80
- 17#.#8.48.31:80
- 21#.##.198.41:80
- 15#.##3.222.44:80
- 12#.##5.18.74:80
- 57.###.181.120:80
- 10#.##3.17.26:80
- 17#.#12.7.64:80
- 73.###.124.14:80
- 10#.##5.96.42:80
- 19#.##.134.124:80
- 61.##.196.95:80
- 87.##7.76.33:80
- 11#.##0.206.115:80
- 85.###.172.44:80
- 89.###.131.74:80
- 17#.##4.31.14:80
- 66.##5.137.3:80
- 10#.##2.128.44:80
- 23#.##9.172.43:80
- 40.##6.25.60:80
- 17#.##6.159.33:80
- 23#.##9.192.85:80
- 80.##.72.76:80
- 18#.##1.21.19:80
- 11#.##9.115.77:80
- 11#.##0.123.72:80
- 16#.##.48.110:80
- 46.##.96.86:80
- 22#.##8.162.18:80
- 12#.##1.21.55:80
- 16#.##6.170.82:80
- 34.###.140.77:80
- 11#.##2.47.121:80
- 67.###.186.98:80
- 25#.##2.140.45:80
- 57.##.198.29:80
- 18#.##7.174.122:80
- 21#.##2.206.8:80
- 13#.##9.136.117:80
- 62.##.49.77:80
- 90.##0.61.16:80
- 75.##.180.29:80
- 80.##.51.104:80
- 16#.##.235.33:80
- 59.###.171.123:80
- 18#.#.207.71:80
- 17#.##7.101.33:80
- 23#.##2.215.53:80
- 25#.##8.75.25:80
- 20.###.119.59:80
- 84.##2.56.96:80
- 12#.#7.28.86:80
- 81.##8.59.27:80
- 17#.#3.133.1:80
- 22#.#3.157.2:80
- 62.###.232.70:80
- 89.##0.36.35:80
- 23#.##8.213.119:80
- 41.##.169.28:80
- 11#.##.145.94:80
- 97.##3.81.64:80
- 20#.##6.217.10:80
- 23#.##.167.21:80
- 80.##8.82.43:80
- 9.###.51.99:80
- 12#.#0.44.12:80
- 18#.##.242.41:80
- 20#.#0.63.91:80
- 97.##.254.32:80
- 5.###.166.71:80
- 8.##.233.66:80
- 64.##5.81.67:80
- 21#.##1.65.11:80
- 18#.##.79.100:80
- 45.###.41.121:80
- 20#.##8.198.31:80
- 84.##.169.122:80
- 44.###.231.90:80
- 57.##.70.125:80
- 88.##7.235.1:80
- 13#.##6.12.126:80
- 35.##.28.117:80
- 24#.##8.157.92:80
- 75.##.110.41:80
- 22#.##6.68.114:80
- 15#.##.193.84:80
- 22#.##4.120.85:80
- 16.###.149.84:80
- 46.###.206.98:80
- 23#.##.57.102:80
- 20#.##.136.126:80
- 87.##.182.43:80
- 14#.##.98.103:80
- 17#.##3.159.99:80
- 25#.##5.13.62:80
- 77.##.55.7:80
- 15#.#06.41.1:80
- 20#.##1.46.70:80
- 32.##.128.1:80
- 85.##7.32.74:80
- 16.##1.128.9:80
- 24#.##4.193.12:80
- 62.##.170.2:80
- 20#.##9.78.49:80
- 21#.#3.54.78:80
- 20.###.235.15:80
- 63.##9.27.42:80
- 11#.##1.239.42:80
- 20.##.127.34:80
- 22#.##.250.86:80
- 24#.##0.2.117:80
- 77.##1.52.27:80
- 14#.#39.1.23:80
- 19#.##5.12.92:80
- 36.##.248.43:80
- 23#.#8.57.9:80
- 23#.##.244.54:80
- 93.##2.62.41:80
- 58.##.127.3:80
- 81.###.204.51:80
- 69.##6.36.11:80
- 11#.#88.0.53:80
- 19#.##.185.41:80
- 10#.##1.158.17:80
- 5.##.200.83:80
- 18.##8.39.83:80
- 66.##.227.3:80
- 14#.#8.50.28:80
- 17#.##4.232.39:80
- 79.###.135.19:80
- 17#.##.78.119:80
- 16#.##9.121.96:80
- 39.##7.91.89:80
- 16#.#.200.112:80
- 22#.##3.183.10:80
- 16#.##1.11.94:80
- 94.#.110.5:80
- 23#.#8.3.100:80
- 19.###.148.63:80
- 20#.#1.37.26:80
- 17#.##.182.81:80
- 11#.##.80.111:80
- 22#.##3.197.72:80
- 96.#.204.70:80
- 62.###.126.53:80
- 25#.##6.69.74:80
- 18#.##3.236.16:80
- 16#.##0.24.119:80
- 72.#.153.103:80
- 22#.##6.22.40:80
Receives data from the following servers:
- 79.###.106.197:9050
Other:
Collects information about network activity
