Linux.Packed.507
Added to the Dr.Web virus database: 2019-07-10
Virus description added: 2019-07-10
Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
Creates or modifies the following symlinks:
/etc/rc2.d/S77.SSHH2
/etc/rc3.d/S77.SSHH2
/etc/rc4.d/S77.SSHH2
/etc/rc5.d/S77.SSHH2
Malicious functions:
Launches itself as a daemon
Modifies firewall settings:
/etc/init.d/iptables stop
Manages services:
systemctl stop iptables.service
service iptables stop
service .SSHH2 start
systemctl start .SSHH2.service
service ebtables stop
Launches processes:
sh -c ps -ef
ps -ef
sh -c chmod 777 /etc/init.d/.SSHH2
chmod 777 /etc/init.d/.SSHH2
sh -c (chmod -R 777 /tmp) ; (rm -f /tmp/.sshhdd*) ; (echo yes|cp -p <SAMPLE_FULL_PATH> /tmp/.sshhdd1562763443)
chmod -R 777 /tmp
rm -f /tmp/.sshhdd*
cp -p <SAMPLE_FULL_PATH> /tmp/.sshhdd1562763443
sh -c (chmod +x /tmp/.sshhdd1562763443) ; (setsid /tmp/.sshhdd1562763443 &)
chmod +x /tmp/.sshhdd1562763443
setsid /tmp/.sshhdd1562763443
/tmp/.sshhdd1562763443
sh -c chkconfig --level 0123456 iptables off > /dev/null
sh -c top -bn 1 | grep Cpu | cut -d \
top -bn 1
grep Cpu
sh -c chkconfig --level 0123456 ip6tables off > /dev/null
cut -d
cut -d : -f 2
sh -c systemctl stop iptables.service > /dev/null
sh -c service iptables stop > /dev/null
sh -c echo yes|cp -p /tmp/.sshhdd1562763443 /etc/.SSHH2
cp -p /tmp/.sshhdd1562763443 /etc/.SSHH2
sh -c grep \"\beth\" /proc/net/dev |cut -d \":\" -f 2 | awk '{print $9}'
grep \beth /proc/net/dev
awk {print $9}
sh -c grep \"\beth\" /proc/net/dev |cut -d \":\" -f 2 | awk '{print $10}'
awk {print $10}
sh -c (chmod +x /etc/.SSHH2) ; (setsid /etc/.SSHH2 &)
chmod +x /etc/.SSHH2
setsid /etc/.SSHH2
/etc/.SSHH2
sh -c echo yes|cp -p <SAMPLE_FULL_PATH> /etc/.SSHH2
cp -p <SAMPLE_FULL_PATH> /etc/.SSHH2
sh -c chmod 777 /etc/.SSHH2
chmod 777 /etc/.SSHH2
sh -c ln -s /etc/init.d/.SSHH2 /etc/rc2.d/S77.SSHH2
ln -s /etc/init.d/.SSHH2 /etc/rc2.d/S77.SSHH2
sh -c ln -s /etc/init.d/.SSHH2 /etc/rc3.d/S77.SSHH2
ln -s /etc/init.d/.SSHH2 /etc/rc3.d/S77.SSHH2
sh -c ln -s /etc/init.d/.SSHH2 /etc/rc4.d/S77.SSHH2
ln -s /etc/init.d/.SSHH2 /etc/rc4.d/S77.SSHH2
sh -c ln -s /etc/init.d/.SSHH2 /etc/rc5.d/S77.SSHH2
ln -s /etc/init.d/.SSHH2 /etc/rc5.d/S77.SSHH2
sh -c service .SSHH2 start
sh -c /etc/init.d/.SSHH2 start
/etc/init.d/.SSHH2 start
sh -c /etc/init.d/iptables stop > /dev/null
sh -c reSuSEfirewall2 stop > /dev/null
sh -c SuSEfirewall2 stop > /dev/null
sh -c service ebtables stop > /dev/null
Kills the following processes:
Performs operations with the file system:
Modifies file access rights:
/tmp
/tmp/.ICE-unix
/tmp/.XIM-unix
/tmp/.X11-unix
/tmp/.Test-unix
/tmp/.font-unix
/tmp/.sshhdd1562763443
/etc/.SSHH2
/etc/init.d/.SSHH2
Creates or modifies files:
/tmp/.sshhdd1562763443
/etc/.SSHH2
Deletes files:
Network activity:
Establishes connection:
DNS ASK:
Other:
Collects OS information
Collects CPU information
Collects RAM information
Collects information about network activity