Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
- /bin/busybox
Kills the following processes:
- <SAMPLE>
Network activity:
Establishes connection:
- 19#.##.97.85:9090
- 15#.##.20.54:37215
- 19#.##.20.54:37215
- 15#.#.216.111:37215
- 15#.###.143.245:37215
- 41.###.68.236:37215
- 19#.###.248.25:37215
- 41.###.202.201:37215
- 19#.##.14.20:37215
- 19#.###.123.227:37215
- 41.###.25.249:37215
- 15#.###.95.249:37215
- 41.##.144.255:37215
- 15#.##.113.114:37215
- 15#.###.205.118:37215
- 15#.##.147.96:37215
- 41.##.226.68:37215
- 41.###.220.46:37215
- 15#.###.23.200:37215
- 15#.###.233.204:37215
- 41.##.118.201:37215
- 41.###.17.25:37215
- 41.###.16.11:37215
- 41.##.68.132:37215
- 41.###.18.56:37215
- 15#.##.37.237:37215
- 19#.##7.3.163:37215
- 41.##.130.137:37215
- 19#.###.173.21:37215
- 15#.###.191.63:37215
- 41.###.250.252:37215
- 15#.###.85.127:37215
- 41.###.217.223:37215
- 41.###.194.204:37215
- 41.###.115.39:37215
- 41.##.100.241:37215
- 19#.##.17.16:37215
- 19#.##5.19.19:37215
- 41.###.214.187:37215
- 15#.###.171.48:37215
- 19#.###.163.103:37215
- 19#.##.33.115:37215
- 19#.##9.68.57:37215
- 41.##.141.185:37215
- 15#.##0.42.59:37215
- 41.##.47.165:37215
- 41.###.146.240:37215
- 19#.##3.244.9:37215
- 19#.##.97.36:37215
- 15#.###.50.114:37215
- 19#.##.110.222:37215
- 19#.###.222.81:37215
- 41.##.145.226:37215
- 15#.###.148.208:37215
- 41.##.18.79:37215
- 41.##.165.180:37215
- 19#.##.243.249:37215
- 19#.###.190.219:37215
- 19#.##6.96.40:37215
- 19#.#.242.7:37215
- 15#.###.247.43:37215
- 15#.###.116.248:37215
- 41.###.57.180:37215
- 19#.##.171.129:37215
- 15#.###.20.111:37215
- 19#.###.54.124:37215
- 41.##.83.24:37215
- 19#.###.54.161:37215
- 15#.###.102.117:37215
- 41.###.13.194:37215
- 15#.###.48.214:37215
- 15#.###.101.141:37215
- 41.###.37.180:37215
- 15#.###.123.96:37215
- 15#.##.180.20:37215
- 15#.##2.93.52:37215
- 15#.###.14.241:37215
- 41.###.120.143:37215
- 19#.###.245.25:37215
- 15#.###.27.207:37215
- 41.###.189.173:37215
- 19#.###.67.128:37215
- 41.###.139.62:37215
- 19#.###.248.16:37215
- 15#.###.174.102:37215
- 41.###.15.254:37215
- 19#.##2.98.53:37215
- 41.#.#90.176:37215
- 19#.##.63.192:37215
- 41.###.157.210:37215
- 19#.##.89.70:37215
- 19#.##.102.29:37215
- 19#.##.70.31:37215
- 19#.##0.28.61:37215
- 15#.###.127.153:37215
- 41.##.26.152:37215
- 15#.#.53.1:37215
- 41.##.193.22:37215
- 19#.###.255.97:37215
- 19#.###.46.236:37215
- 15#.###.253.220:37215
- 41.###.119.138:37215
- 15#.###.144.67:37215
- 41.##.107.186:37215
- 41.###.238.177:37215
- 19#.##.90.122:37215
- 41.#.#52.131:37215
- 19#.##6.4.55:37215
- 15#.##5.56.13:37215
- 41.##.162.128:37215
- 41.##.197.164:37215
- 41.###.135.10:37215
- 15#.###.191.65:37215
- 19#.##.102.134:37215
- 41.##.26.198:37215
- 19#.##7.13.86:37215
- 15#.###.136.91:37215
- 19#.#.26.219:37215
- 15#.###.235.80:37215
- 15#.#.217.207:37215
- 15#.##.63.24:37215
- 41.##.29.202:37215
- 19#.##.179.161:37215
- 19#.##7.4.218:37215
- 15#.###.121.101:37215
- 41.###.56.59:37215
- 15#.##9.7.0:37215
- 15#.##.49.254:37215
- 19#.###.198.62:37215
- 19#.##.147.123:37215
- 19#.##2.44.19:37215
- 15#.###.165.110:37215
- 15#.###.110.204:37215
- 41.##.129.12:37215
- 19#.##6.14.72:37215
- 15#.#.141.52:37215
- 15#.###.128.197:37215
- 15#.##.183.169:37215
- 15#.##2.97.23:37215
- 15#.##0.2.131:37215
- 41.###.12.254:37215
- 41.###.238.243:37215
- 19#.##5.94.86:37215
- 19#.###.108.80:37215
- 19#.##.240.127:37215
- 41.###.231.153:37215
- 41.###.183.115:37215
- 15#.##.239.85:37215
- 41.##.147.156:37215
- 19#.###.251.35:37215
- 19#.##.34.253:37215
- 19#.###.188.25:37215
- 41.###.80.18:37215
- 15#.##8.12.20:37215
- 19#.###.172.232:37215
- 15#.##.169.189:37215
- 41.###.234.10:37215
- 19#.###.190.191:37215
- 15#.###.107.225:37215
- 15#.##8.60.88:37215
- 41.##.125.32:37215
- 15#.##.117.157:37215
- 15#.##.176.32:37215
- 15#.##.168.17:37215
- 15#.##.58.92:37215
- 15#.##.24.241:37215
- 15#.##.205.21:37215
- 19#.##.243.122:37215
- 15#.##.121.62:37215
- 19#.###.91.154:37215
- 15#.##8.79.81:37215
- 15#.###.62.230:37215
- 15#.###.169.171:37215
- 41.##.17.140:37215
- 41.#.#3.97:37215
- 19#.##6.59.43:37215
- 15#.###.58.225:37215
- 41.##.91.200:37215
- 19#.###.202.110:37215
- 41.###.221.86:37215
- 19#.##.99.222:37215
- 41.##.56.28:37215
- 41.###.109.83:37215
- 15#.###.225.229:37215
- 41.###.208.219:37215
- 19#.###.121.126:37215
- 15#.###.157.244:37215
- 15#.###.147.152:37215
- 41.###.112.229:37215
- 19#.##.144.220:37215
- 19#.###.133.139:37215
- 15#.###.254.235:37215
- 15#.##0.0.117:37215
- 19#.###.255.83:37215
- 19#.###.233.93:37215
- 41.###.178.51:37215
- 15#.###.65.254:37215
- 15#.##.56.5:37215
- 19#.###.10.226:37215
- 19#.##9.95.90:37215
- 41.###.9.87:37215
- 19#.###.183.218:37215
- 15#.###.112.13:37215
- 41.###.25.123:37215
- 19#.##.102.89:37215
- 19#.###.10.188:37215
- 19#.###.133.12:37215
- 15#.##.29.246:37215
- 15#.###.238.196:37215
- 41.##.63.84:37215
- 19#.###.104.54:37215
- 41.##.208.238:37215
- 19#.##0.72.9:37215
- 19#.##.93.56:37215
- 41.###.252.191:37215
- 41.###.168.17:37215
- 15#.##.89.116:37215
- 19#.##.90.70:37215
- 41.###.128.185:37215
- 19#.###.195.80:37215
- 19#.###.131.97:37215
- 19#.##.96.222:37215
- 15#.###.87.189:37215
- 19#.##4.124.7:37215
- 19#.###.10.107:37215
- 41.###.101.2:37215
- 15#.##.206.43:37215
- 19#.##.207.190:37215
- 41.###.9.207:37215
- 19#.###.168.18:37215
- 19#.##.67.207:37215
- 41.###.0.21:37215
- 41.###.150.145:37215
- 19#.###.115.249:37215
- 19#.##.84.153:37215
- 41.###.106.210:37215
- 19#.##.207.85:37215
- 15#.##.155.26:37215
- 41.###.18.56:37215
- 15#.##.72.218:37215
- 15#.###.229.105:37215
- 19#.#.223.230:37215
- 15#.##7.180.9:37215
- 15#.###.234.175:37215
- 19#.###.100.65:37215
- 19#.##8.4.139:37215
- 15#.###.193.24:37215
- 19#.#.31.150:37215
- 41.##.137.18:37215
- 41.##.253.223:37215
- 15#.###.255.175:37215
- 19#.###.180.17:37215
- 15#.##.97.89:37215
- 15#.##1.250.7:37215
- 41.##.59.27:37215
- 41.###.74.150:37215
- 19#.###.247.105:37215
- 19#.##3.31.72:37215
- 19#.###.65.133:37215
- 15#.###.138.116:37215
- 15#.##.164.3:37215
- 41.##.250.244:37215
- 19#.##.208.255:37215
- 41.###.98.210:37215
- 41.###.43.139:37215
- 41.##.189.145:37215
- 41.##.251.163:37215
- 19#.###.205.196:37215
- 15#.###.174.154:37215
- 19#.##2.51.73:37215
- 15#.###.26.192:37215
- 19#.##.144.195:37215
- 15#.###.22.101:37215
- 19#.##1.8.160:37215
- 19#.###.68.150:37215
- 15#.###.173.19:37215
- 41.##.179.47:37215
- 15#.##0.54.19:37215
- 15#.###.208.108:37215
- 15#.###.246.114:37215
- 19#.###.44.124:37215
- 19#.###.112.71:37215
- 41.###.200.212:37215
- 19#.###.126.85:37215
- 19#.##.180.239:37215
- 41.###.124.166:37215
- 41.##.168.174:37215
- 19#.###.220.155:37215
- 19#.##.47.181:37215
- 41.###.109.66:37215
- 19#.###.24.199:37215
- 41.###.149.236:37215
- 15#.###.240.119:37215
- 41.###.64.156:37215
- 19#.###.130.111:37215
- 15#.##2.21.96:37215
- 19#.##.146.164:37215
- 41.###.196.105:37215
- 19#.##4.94.35:37215
- 19#.##.148.17:37215
- 15#.##.171.122:37215
- 19#.##.60.236:37215
- 41.###.65.218:37215
- 15#.###.184.64:37215
- 15#.##.128.48:37215
- 41.###.57.71:37215
- 19#.##.33.240:37215
- 19#.###.52.232:37215
- 19#.###.149.76:37215
- 15#.##.249.5:37215
- 15#.##.42.174:37215
- 41.###.215.202:37215
- 15#.##.121.57:37215
- 15#.##.92.223:37215
- 15#.##1.79.89:37215
- 15#.##4.97.43:37215
- 19#.##.167.194:37215
- 41.#.#85.171:37215
- 41.###.66.132:37215
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 19#.##.97.85:9090
Other:
Collects information about network activity
