Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
- /etc/cron.d/dlemp.code.cron
Malicious functions:
Launches processes:
- date
- mkdir -p /etc/dlemp/.tmp/saoluuwebsitethanhconghostingaz
- rm -rf /etc/dlemp/.tmp/checksite-list
- rm -rf /etc/dlemp/.tmp/dlemp-replace
- clear
- chmod +x /etc/dlemp/.tmp/dlemp-replace
- cat /etc/dlemp/.tmp/checksite-list
- cut -c 1-15
- <SAMPLE_FULL_PATH> -c exec \x27<SAMPLE_FULL_PATH>\x27 \x22$@\x22 <SAMPLE_FULL_PATH>
- sed -i /0-DLEMP-SHORTCUT/d /etc/dlemp/.tmp/dlemp-websitelist
- cat
- wc -l
- <0x12>
- cat /etc/dlemp/.tmp/dlemp-websitelist
- mkdir -p /etc/dlemp/.tmp/saoluuwebsitethatbaihostingaz
- sed -i /oanh/d /etc/dlemp/.tmp/dlemp-websitelist
- rm -rf /etc/dlemp/.tmp/*hostingaz*
- rm -rf /etc/dlemp/.tmp/dlemp_check_site
- md5sum
- touch /etc/cron.d/dlemp.code.cron
- sed -i //d /etc/dlemp/.tmp/dlemp-websitelist
- ls /bin/
Performs operations with the file system:
Modifies file access rights:
- /etc/dlemp/.tmp/dlemp-replace
Modifies file owner:
- /etc/dlemp/.tmp/seddfO6tm
- /etc/dlemp/.tmp/sed2EuODC
Creates folders:
- /etc/dlemp
- /etc/dlemp/.tmp
- /etc/dlemp/.tmp/saoluuwebsitethanhconghostingaz
- /etc/dlemp/.tmp/saoluuwebsitethatbaihostingaz
Creates or modifies files:
- /etc/dlemp/.tmp/dlemp-websitelist
- /etc/dlemp/.tmp/dlemp-replace
- /etc/dlemp/.tmp/sedtfgpKh
- /etc/dlemp/.tmp/seddfO6tm
- /etc/dlemp/.tmp/sed2EuODC
- /etc/dlemp/.tmp/checkautobackuphostingaz.txt
Deletes files:
- /etc/dlemp/.tmp/sedtfgpKh
- /etc/dlemp/.tmp/dlemp-replace
Changes time of creation/access/modification of files:
- /etc/cron.d/dlemp.code.cron
