Bibliothèque
Ma bibliothèque

+ Ajouter à la bibliothèque

Contacter-nous !
Support 24/24 | Rules regarding submitting

Nous téléphoner

0 825 300 230

Forum

Vos requêtes

  • Toutes : -
  • Non clôturées : -
  • Dernière : le -

Nous téléphoner

0 825 300 230

Profil

Linux.Packed.507

Added to the Dr.Web virus database: 2019-07-10

Virus description added:

Technical Information

To ensure autorun and distribution:
Creates or modifies the following files:
  • /etc/init.d/.SSHH2
Creates or modifies the following symlinks:
  • /etc/rc2.d/S77.SSHH2
  • /etc/rc3.d/S77.SSHH2
  • /etc/rc4.d/S77.SSHH2
  • /etc/rc5.d/S77.SSHH2
Malicious functions:
Launches itself as a daemon
Modifies firewall settings:
  • /etc/init.d/iptables stop
Manages services:
  • systemctl stop iptables.service
  • service iptables stop
  • service .SSHH2 start
  • systemctl start .SSHH2.service
  • service ebtables stop
Launches processes:
  • sh -c ps -ef
  • ps -ef
  • sh -c chmod 777 /etc/init.d/.SSHH2
  • chmod 777 /etc/init.d/.SSHH2
  • sh -c (chmod -R 777 /tmp) ; (rm -f /tmp/.sshhdd*) ; (echo yes|cp -p <SAMPLE_FULL_PATH> /tmp/.sshhdd1562763443)
  • chmod -R 777 /tmp
  • rm -f /tmp/.sshhdd*
  • cp -p <SAMPLE_FULL_PATH> /tmp/.sshhdd1562763443
  • sh -c (chmod +x /tmp/.sshhdd1562763443) ; (setsid /tmp/.sshhdd1562763443 &)
  • chmod +x /tmp/.sshhdd1562763443
  • setsid /tmp/.sshhdd1562763443
  • /tmp/.sshhdd1562763443
  • sh -c chkconfig --level 0123456 iptables off > /dev/null
  • sh -c top -bn 1 | grep Cpu | cut -d \
  • top -bn 1
  • grep Cpu
  • sh -c chkconfig --level 0123456 ip6tables off > /dev/null
  • cut -d
  • cut -d : -f 2
  • sh -c systemctl stop iptables.service > /dev/null
  • sh -c service iptables stop > /dev/null
  • sh -c echo yes|cp -p /tmp/.sshhdd1562763443 /etc/.SSHH2
  • cp -p /tmp/.sshhdd1562763443 /etc/.SSHH2
  • sh -c grep \"\beth\" /proc/net/dev |cut -d \":\" -f 2 | awk '{print $9}'
  • grep \beth /proc/net/dev
  • awk {print $9}
  • sh -c grep \"\beth\" /proc/net/dev |cut -d \":\" -f 2 | awk '{print $10}'
  • awk {print $10}
  • sh -c (chmod +x /etc/.SSHH2) ; (setsid /etc/.SSHH2 &)
  • chmod +x /etc/.SSHH2
  • setsid /etc/.SSHH2
  • /etc/.SSHH2
  • sh -c echo yes|cp -p <SAMPLE_FULL_PATH> /etc/.SSHH2
  • cp -p <SAMPLE_FULL_PATH> /etc/.SSHH2
  • sh -c chmod 777 /etc/.SSHH2
  • chmod 777 /etc/.SSHH2
  • sh -c ln -s /etc/init.d/.SSHH2 /etc/rc2.d/S77.SSHH2
  • ln -s /etc/init.d/.SSHH2 /etc/rc2.d/S77.SSHH2
  • sh -c ln -s /etc/init.d/.SSHH2 /etc/rc3.d/S77.SSHH2
  • ln -s /etc/init.d/.SSHH2 /etc/rc3.d/S77.SSHH2
  • sh -c ln -s /etc/init.d/.SSHH2 /etc/rc4.d/S77.SSHH2
  • ln -s /etc/init.d/.SSHH2 /etc/rc4.d/S77.SSHH2
  • sh -c ln -s /etc/init.d/.SSHH2 /etc/rc5.d/S77.SSHH2
  • ln -s /etc/init.d/.SSHH2 /etc/rc5.d/S77.SSHH2
  • sh -c service .SSHH2 start
  • sh -c /etc/init.d/.SSHH2 start
  • /etc/init.d/.SSHH2 start
  • sh -c /etc/init.d/iptables stop > /dev/null
  • sh -c reSuSEfirewall2 stop > /dev/null
  • sh -c SuSEfirewall2 stop > /dev/null
  • sh -c service ebtables stop > /dev/null
Kills the following processes:
  • /tmp/.sshhdd1562763443
Performs operations with the file system:
Modifies file access rights:
  • /tmp
  • /tmp/.ICE-unix
  • /tmp/.XIM-unix
  • /tmp/.X11-unix
  • /tmp/.Test-unix
  • /tmp/.font-unix
  • /tmp/.sshhdd1562763443
  • /etc/.SSHH2
  • /etc/init.d/.SSHH2
Creates or modifies files:
  • /tmp/.sshhdd1562763443
  • /etc/.SSHH2
Deletes files:
  • /tmp/.sshhdd*
Network activity:
Establishes connection:
  • 0.0.0.0:7668
DNS ASK:
  • by.###k52088.com
Other:
Collects OS information
Collects CPU information
Collects RAM information
Collects information about network activity

Recommandations pour le traitement


Linux

Veuillez lancer le scan complet de toutes les partitions du disque à l'aide de Dr.Web Antivirus pour Linux.

Version démo gratuite

Pour 1 mois (sans enregistrement) ou 3 mois (avec enregistrement et remise pour le renouvellement)

Télécharger Dr.Web

Par le numéro de série