Linux.Packed.406

Added to the Dr.Web virus database: 2019-05-11

Virus description added:

Technical Information

Malicious functions:
Gets access to SSH keys
  • /root/.ssh/authorized_keys
Launches processes:
  • /usr/bin/getconf CLK_TCK
  • <SAMPLE_FULL_PATH>
  • /usr/bin/lsb_release
  • dpkg-query -f ${Version} ${Provides
Kills the following processes:
  • /usr/bin/lsb_release
Performs operations with the file system:
Creates folders:
  • /root/.ddg
  • /root/.ssh
Creates or modifies files:
  • /root/.ddg/4003.db
Network activity:
Establishes connection:
  • 22#.#.5.5:53
  • 20#.##.222.222:443
  • 1.#.1.1:53
  • 8.#.8.8:53
  • 11#.#9.29.29:53
  • 21#.#39.38.21:9
  • 21#.#39.32.21:9
  • 10#.#0.16.242:9
  • 21#.#39.34.21:9
  • 34.##3.102.38:9
  • 18.##1.215.84:9
  • 52.###.161.133:9
  • 52.##0.125.74:9
  • 10#.#0.17.242:9
  • 52.###.139.131:9
  • 52.#.79.229:9
  • 23.##.99.33:9
  • 23.##.99.40:9
  • 21#.#39.36.21:9
  • [2#######0:c000:1000::501]:9
  • 66.###.248.178:9
  • 95.##1.0.137:9
  • 95.##1.0.145:9
  • 95.###.190.197:7946
  • 12#.#41.90.8:9
  • 12#.#41.90.99:9
  • 63.###.242.170:9
  • 63.###.242.160:9
  • 11#.##.224.170:7946
  • 14#.##.217.71:7946
HTTP GET requests:
  • v4.##ent.me/
  • wh#####yip.akamai.com/
  • ip####.net/plain
  • ip###o.io/ip
  • bo#.####ismyipaddress.com/
  • ch#####.amazonaws.com/
  • ip##.#canhazip.com/
DNS ASK:
  • wh#####yip.akamai.com
  • ip##ho.net
  • ip##fo.io
  • ip##.#canhazip.com
  • v4.#dent.me
  • ch#####.amazonaws.com
  • bo#.####ismyipaddress.com
Sends data to the following servers:
  • 1.#.1.1:53
  • 20#.##.222.222:443
  • 11#.##.224.170:7946
  • [:#######52.136.86.243]:7946
  • [:#######03.126.100.42]:7946
  • [:#######85.186.245.51]:7946
  • [:######60.172.95.184]:7946
  • [:#######52.136.37.127]:7946
  • [:#######23.207.151.50]:7946
  • [:#######80.188.197.45]:7946
  • [:######94.191.51.145]:7946
  • [:######121.169.34.2]:7946
  • [:#######11.231.73.191]:7946
  • [:#######29.211.109.170]:7946
  • [:#######73.254.242.165]:7946
  • [:######61.66.219.187]:7946
  • [:#######39.199.163.240]:7946
  • [:######218.86.60.118]:7946
  • [:######119.28.1.135]:7946
  • [:#######11.230.28.175]:7946
  • [:#######62.144.117.202]:7946
  • [:######118.25.141.11]:7946
  • [:######118.89.19.75]:7947
  • [:######118.25.134.90]:7946
  • [:#######29.204.31.142]:7946
  • [:#######11.231.236.24]:7946
  • [:#######19.23.251.148]:7946
  • [:#######23.150.101.234]:7946
  • [:#######15.231.112.235]:7946
  • [:#######21.40.226.124]:7946
  • [:#######40.143.196.180]:7946
  • [:#######19.27.163.103]:7946
  • [:#######52.136.37.187]:7946
  • [:######154.8.143.181]:7946
  • [:######185.59.51.113]:7947
  • [:#######52.136.81.230]:7946
  • [:#######22.114.206.87]:7946
  • [:######202.69.45.70]:7946
  • [:#######34.209.159.240]:7946
  • [:#######18.24.134.162]:7946
  • [:######148.70.217.71]:7946
  • [:######58.215.49.142]:7946
  • [:######203.93.23.253]:7946
  • [:######154.92.23.236]:7946
  • [:#######04.237.130.248]:7946
  • [:#######12.121.182.10]:7946
  • [:#######21.229.196.215]:7946
  • [:#######29.211.118.83]:7946
  • [:#######32.232.50.185]:7946
  • [:#######16.255.195.187]:7946
  • [:######118.24.128.30]:7946
  • [:######62.135.127.52]:7946
  • [:#######62.248.221.29]:7946
  • [:######118.25.46.60]:7946
  • [:#######39.199.19.153]:7946
  • [:######123.57.158.51]:7946
  • [:######59.10.86.2]:7946
  • [:#######78.128.109.172]:7946
  • [:######118.89.232.10]:7946
  • [:######60.12.214.133]:7946
  • [:#######03.243.180.25]:7946
  • [:######139.196.7.233]:7946
  • [:######118.25.51.128]:7946
  • [:######118.24.57.252]:7946
  • [:######103.242.0.208]:7946
  • [:######120.77.23.36]:7946
  • [:######58.87.101.39]:7946
  • [:######172.104.123.6]:7946
Receives data from the following servers:
  • 1.#.1.1:53
  • 20#.##.222.222:443
  • 11#.##.224.170:7946
Other:
  • Collects OS information
  • Collects CPU information
  • Collects RAM information
  • Collects information about network activity

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
