[Community-sigs] linux backdoor program received
Janos Cservenak
hawk at hwk.hu
Tue Mar 24 07:48:54 EDT 2015
Filename: Systee32
Original source: http://222.186.56.69:9987/Systee32
Architecture: x86
Detected actions:
- copies itself as freeBSD in the same directory,
  starts it like this: "/tmp/freeBSD /tmp/freeBSD 1",
  and after that deletes itself
- copies itself as Systee32a in the same directory
  and starts it like this: "/tmp/Systee32a /tmp/Systee32"
- after 10 minutes of running, no network traffic detected
External virus scanner results:
https://www.virustotal.com/en/file/479d8822fdf34a9daed8cd1ead77e77f0d3808f65b9c26098ea6ee3359a47246/analysis/1427194212/
Signatures:
md5:    440a60df19dcc800ce00f36de5397801:1128808:Linux.Trojan.Agent.5TAP9C
sha1:   91bc3fa241bf4ca3d01267eb58b8c0dd40d45f7a:1128808:Linux.Trojan.Agent.5TAP9C
sha256: 479d8822fdf34a9daed8cd1ead77e77f0d3808f65b9c26098ea6ee3359a47246:1128808:Linux.Trojan.Agent.5TAP9C
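The three signature lines above are in hash:size:name form, the layout ClamAV's hash-database (.hdb/.hsb) files use; that the list is ClamAV's is an assumption here, the post does not name the engine. The following is an added example, not code from the post or from any signature tool: a small matcher that parses such lines, infers md5/sha1/sha256 from digest length, applies the size field (with "*" as a wildcard, as newer hash databases allow) before hashing, and reports the first matching name. The posted sample is not embedded, so the constructed entries for the byte string b"abc" (standard test-vector hashes) are what exercise the positive path.

```python
"""Match file contents against hash:size:name signature lines.

Added example, not from the post. POSTED_SIGS reproduces the three lines
from the post; CONSTRUCTED_SIGS holds made-up entries for the test vector
b"abc" so the matcher can be exercised without the actual sample.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Signature lines as given in the post (size 1128808 bytes, one name).
POSTED_SIGS = """
440a60df19dcc800ce00f36de5397801:1128808:Linux.Trojan.Agent.5TAP9C
91bc3fa241bf4ca3d01267eb58b8c0dd40d45f7a:1128808:Linux.Trojan.Agent.5TAP9C
479d8822fdf34a9daed8cd1ead77e77f0d3808f65b9c26098ea6ee3359a47246:1128808:Linux.Trojan.Agent.5TAP9C
"""

# Constructed entries (NOT from the post): md5 and sha1 of b"abc".
# The second uses the "*" size wildcard; comments and blank lines are skipped.
CONSTRUCTED_SIGS = """
900150983cd24fb0d6963f7d28e17f72:3:Test.Constructed.ABC
# a comment line
a9993e364706816aba3e25717850c26c9cd0d89d:*:Test.Constructed.ABC.AnySize
"""

# Hex-digest length -> hashlib algorithm name; the line format carries no
# explicit algorithm field, so it is inferred from the digest length.
_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


@dataclass(frozen=True)
class HashSig:
    algo: str
    digest: str          # lowercase hex
    size: Optional[int]  # None means the "*" wildcard
    name: str


def parse_sigs(text: str) -> List[HashSig]:
    """Parse hash:size:name lines; raise ValueError on a malformed line."""
    sigs: List[HashSig] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected hash:size:name, got {line!r}")
        digest, size_field, name = parts
        digest = digest.lower()
        algo = _ALGO_BY_LEN.get(len(digest))
        if algo is None or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {lineno}: unrecognised hash {digest!r}")
        size = None if size_field == "*" else int(size_field)
        sigs.append(HashSig(algo, digest, size, name))
    return sigs


def match_bytes(data: bytes, sigs: Sequence[HashSig]) -> Optional[str]:
    """Return the name of the first signature matching data, or None.

    The size field is checked first, so data is only hashed with algorithms
    that some size-compatible signature actually uses (cheap pre-filter).
    """
    candidates = [s for s in sigs if s.size is None or s.size == len(data)]
    digests = {}
    for s in candidates:
        if s.algo not in digests:
            digests[s.algo] = hashlib.new(s.algo, data).hexdigest()
        if digests[s.algo] == s.digest:
            return s.name
    return None


def match_file(path: str, sigs: Sequence[HashSig]) -> Optional[str]:
    """Hash a file on disk and match it against sigs."""
    with open(path, "rb") as f:
        return match_bytes(f.read(), sigs)


if __name__ == "__main__":
    import sys
    all_sigs = parse_sigs(POSTED_SIGS) + parse_sigs(CONSTRUCTED_SIGS)
    for path in sys.argv[1:]:
        print(path, match_file(path, all_sigs) or "clean")
```

Run it as `python3 match.py /tmp/Systee32 /tmp/freeBSD /tmp/Systee32a` on a box where the dropped copies still exist; since the sample copies itself byte-for-byte, all three paths hash to the same posted digests. A hash signature of course stops matching the moment a single byte changes, which is why the behaviour notes above (the freeBSD and Systee32a copies in /tmp, the self-deletion) are worth keeping alongside the hashes.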