HackTool.Linux.AutoConn.AUSWM

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It connects to a website to send and receive information.

Arrival Details

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Backdoor Routine

This Hacking Tool connects to the following websites to send and receive information:

• 216.{BLOCKED}.71.180:443

Other Details

This Hacking Tool does the following:

• Terminate Connection
• Transfer data from one Socket to another
• It has three different functionalities:
  • ConnectConnect (CC)
    • used to access a desired server internally (inside the network access)
  • ListenListen (LL)
    • used to access a desired server externally (outside the network access)
  • Port Forwarder (PF)
    • used to send data from one port to another (port forwarding functionality)
• Request for a new connection
• It has the following set of commands:
  • -C, --ccnode
    • Use ConnectConnect functionality
  -s, --server
  • Host and Port of the server
  -c, --llhost
  • The host and port of the ListenListen mode.
  -i, --interval
  • Time interval for reporting to the ListenListen mode.
  -k, --key
  • Generate Poorman's encryption
  -a, --auth
  • Set password to authenticate a control connection with ListenListen mode
  -F, --lcnode
  • Become a ListenConnect node.
  -p, --port number
  • The port to listen for client connection
  -s, --server host:port
  • The host and port of the destination server
  -m, --method {f|s}
  • f: Fork s: Select
  -l, --log file
  • Write logs to file.
  -g, --level number
  • Log level detail
  -n, --nodaemon
  • Do not become daemon
  -h, --help
  • Prompt help
  -v, --version
  • Display version