Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Soporte
Soporte 24 horas | Normas de contactar

Sus solicitudes

Perfil

Linux.Siggen.6834

Added to the Dr.Web virus database: 2024-03-21

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Substitutes application name for:
  • 3vgwcr8t126hwem3hmh1
Launches processes:
  • /sbin/xtables-multi iptables -A INPUT -p udp --dport 37215 -j DROP
  • /bin/sh -c /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • /bin/sh -c iptables -F
  • /bin/sh -c /bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • /bin/sh -c ufw deny 37215/udp
  • /bin/kmod /sbin/modprobe ip_tables
  • /sbin/xtables-multi iptables -A INPUT -p tcp --dport 59666 -j DROP
  • /bin/sh -c nft add rule ip filter input tcp dport 37215 drop
  • /bin/sh -c iptables -A INPUT -p udp --dport 59666 -j DROP
  • /sbin/xtables-multi iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • /bin/sh -c echo \x22127.0.0.1 fucktheccp.top\x22 >> /etc/hosts
  • /bin/sh -c /usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • /bin/sh -c iptables -A INPUT -p udp --dport 37215 -j DROP
  • /bin/sh -c iptables -A INPUT -s 141.98.10.128 -j DROP
  • /bin/sh -c nft add rule ip filter input udp dport 37215 drop
  • /bin/sh -c iptables -A INPUT -p tcp --dport 37215 -j DROP
  • /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • /sbin/xtables-multi iptables -A INPUT -p tcp --dport 37215 -j DROP
  • /bin/sh -c iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • /sbin/xtables-multi iptables -A INPUT -p udp --dport 59666 -j DROP
  • /bin/sh -c iptables -A INPUT -p tcp --dport 59666 -j DROP
  • /sbin/xtables-multi iptables -F
  • /bin/sh -c ufw deny 37215/tcp
  • busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • /bin/sh -c nft add rule ip filter input udp dport 59666 drop
  • /bin/sh -c nft add rule ip filter input tcp dport 59666 drop
  • /sbin/xtables-multi iptables -A INPUT -s 141.98.10.128 -j DROP
  • /bin/sh -c busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • /bin/sh -c echo \x22127.0.0.1 reachedfucktheccp.top\x22 >> /etc/hosts
Performs operations with the file system:
Deletes folders:
  • /xconsole
Creates or modifies files:
  • /etc/hosts
Deletes files:
  • /xconsole
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:8345
  • 0.0.0.0:26721
Establishes connection:
  • 8.#.8.8:53
  • [:##]:37215
  • 127.0.0.1:37215
  • [:##]:59666
  • 127.0.0.1:59666
  • 19#.##.144.87:53
  • 19#.###.175.20:35342
DNS ASK:
  • re###thltd.com
Sends data to the following servers:
  • 19#.###.175.20:35342
Receives data from the following servers:
  • 19#.###.175.20:35342
Other:
Collects information about network activity

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number