HackTool.Linux.AutoConn.AUSWM
Linux
Threat Type: Hacking Tool
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It connects to a website to send and receive information.
TECHNICAL DETAILS
69,237 bytes
ELF
Yes
22 Apr 2019
Arrival Details
This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Backdoor Routine
This Hacking Tool connects to the following websites to send and receive information:
- 216.{BLOCKED}.71.180:443
Other Details
This Hacking Tool does the following:
- Terminate Connection
- Transfer data from one Socket to another
- It has three different functionalities:
- ConnectConnect (CC)
- used to access a desired server internally (inside the network access)
- ListenListen (LL)
- used to access a desired server externally (outside the network access)
- Port Forwarder (PF)
- used to send data from one port to another (port forwarding functionality)
- ConnectConnect (CC)
- Request for a new connection
- It has the following set of commands:
- -C, --ccnode
- Use ConnectConnect functionality
-s, --server - Host and Port of the server
-c, --llhost - -C, --ccnode
- The host and port of the ListenListen mode.
- Time interval for reporting to the ListenListen mode.
- Generate Poorman's encryption
- Set password to authenticate a control connection with ListenListen mode
- Become a ListenConnect node.
- The port to listen for client connection
- The host and port of the destination server
- f: Fork s: Select
- Write logs to file.
- Log level detail
- Do not become daemon
- Prompt help
- Display version
SOLUTION
9.850
2.168.48
23 Apr 2019
Scan your computer with your Trend Micro product to delete files detected as HackTool.Linux.AutoConn.AUSWM. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:
Did this description help? Tell us how we did.