[Community-sigs] linux backdoor program
Janos Cservenak
hawk at hwk.hu
Tue Mar 24 07:27:34 EDT 2015
Filename: amra8
Architecture: x86
Detected actions:
- copies itself as /usr/bin/.sEhd
- starts running many copies of itself (as amra8 and as .sEhd too)
- connects to 222.186.56.69 port 36000
inetnum: 222.186.0.0 - 222.191.255.255
netname: CHINANET-JS
descr: China Telecom
country: CN
External virus scanner results:
https://www.virustotal.com/en/file/3f06e4c6cd8126d47485d62647230dfdf1ddbbe438ed9149223103ccd1f7f797/analysis/1427196228/
Signatures:
md5: 68ef39590112a1764dc7a8746441cd46:73063:Backdoor.Linux.Gates.B
sha1: aa23fdf6d1280deef19c851d337b93de7be06b1a:73063:Backdoor.Linux.Gates.B
sha256: 3f06e4c6cd8126d47485d62647230dfdf1ddbbe438ed9149223103ccd1f7f797:73063:Backdoor.Linux.Gates.B
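
The signature lines above use a hash:size:name layout. The following Python script is an added example, not part of the original post: it parses that layout and checks a local file against it, comparing the file size first and hashing only when the size matches. Inferring the digest algorithm from the hex length, and the names `parse_signatures` and `match_file`, are assumptions of this example.

```python
import hashlib
import os
from typing import NamedTuple, Optional

# Signature lines copied from the post (hash:size:name).
SIGNATURES = """\
68ef39590112a1764dc7a8746441cd46:73063:Backdoor.Linux.Gates.B
aa23fdf6d1280deef19c851d337b93de7be06b1a:73063:Backdoor.Linux.Gates.B
3f06e4c6cd8126d47485d62647230dfdf1ddbbe438ed9149223103ccd1f7f797:73063:Backdoor.Linux.Gates.B
"""

# Assumption of this example: the algorithm is inferred from the digest's hex length.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

class Signature(NamedTuple):
    algo: str
    digest: str
    size: int
    name: str

def parse_signatures(text: str) -> list:
    """Parse hash:size:name lines; raise ValueError on a malformed line."""
    sigs = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        digest, size, name = line.split(":", 2)
        int(digest, 16)  # rejects non-hex digests
        algo = ALGO_BY_HEX_LEN.get(len(digest))
        if algo is None:
            raise ValueError(f"unrecognised digest length: {line!r}")
        sigs.append(Signature(algo, digest.lower(), int(size), name))
    return sigs

def match_file(path: str, sigs) -> Optional[str]:
    """Return the signature name if the file matches one entry, else None."""
    size = os.path.getsize(path)
    computed = {}  # algo -> hex digest, so each algorithm is computed once
    for sig in (s for s in sigs if s.size == size):  # cheap size pre-filter
        if sig.algo not in computed:
            h = hashlib.new(sig.algo)
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    h.update(chunk)
            computed[sig.algo] = h.hexdigest()
        if computed[sig.algo] == sig.digest:
            return sig.name
    return None
```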