Dr.Web is a software suite developed by Russian anti-malware company Doctor Web. First released in 1992, it became the first anti-virus service in Russia. The company also offers anti-spam solutions, and its software is used by Yandex to scan e-mail attachments. Doctor Web has been developing anti-virus software since 1992, and Dr.Web is trusted by users around the world in 200+ countries.
SHA1:
- 00f4fd10d2eff990929e0850b61e23e1819a9ea4
- 185b5b2ad16b046eebd54b8b87b9e44e1b51dec9
- 2961159e48dfdb9ccca82f0053391c727c31b017
A Linux Trojan in the form of a bash script that contains a mining program, compressed with gzip and encoded with base64. Once launched, the script shuts down several processes and installs the libraries required for its operation. It also installs zmap and sshpass.
It changes the password of the user “pi” to “$6$U1Nu9qCp$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1”.
Then, in an infinite loop, the Trojan uses zmap to search for network nodes with port 22 open, uses sshpass to log into them with the login:password pair pi:raspberry, and then saves and runs a copy of itself on them.
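The traces described above can be checked on a suspect host. The following triage sketch is an added example, not Dr.Web's code: it compares the `pi` entry in `/etc/shadow`-format text with the hash quoted above, looks for zmap and sshpass in a Debian-style dpkg status file, and lists sources of successful password SSH logins as `pi`. The function names, the dpkg and OpenSSH log formats, and all sample inputs are assumptions made for the example.

```python
import re

# Indicators taken from the description above.
TROJAN_PI_HASH = "$6$U1Nu9qCp$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1"
DROPPED_TOOLS = {"zmap", "sshpass"}
# Assumed OpenSSH syslog format for a successful password login as "pi".
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted password for pi from (\S+) port \d+")

def shadow_hash(shadow_text, user="pi"):
    """Return the password-hash field of `user` from /etc/shadow-format text, or None."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == user:
            return fields[1]
    return None

def installed_tools(dpkg_status_text):
    """Return the tools from DROPPED_TOOLS that dpkg records as fully installed."""
    found = set()
    for stanza in dpkg_status_text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        if fields.get("Package") in DROPPED_TOOLS and fields.get("Status", "").endswith(" installed"):
            found.add(fields["Package"])
    return found

def triage(shadow_text, dpkg_status_text, auth_log_text):
    """Collect human-readable findings; an empty list means no indicator matched."""
    findings = []
    if shadow_hash(shadow_text) == TROJAN_PI_HASH:
        findings.append("pi password hash matches the value set by the Trojan")
    tools = installed_tools(dpkg_status_text)
    if tools:
        findings.append("tools the Trojan installs are present: " + ", ".join(sorted(tools)))
    sources = sorted(set(ACCEPTED.findall(auth_log_text)))
    if sources:
        findings.append("password SSH logins as pi from: " + ", ".join(sources))
    return findings

# Constructed sample inputs (not from a real host); IPs are documentation ranges.
SAMPLE_SHADOW = f"root:*:17300:0:99999:7:::\npi:{TROJAN_PI_HASH}:17300:0:99999:7:::\n"
SAMPLE_DPKG = ("Package: zmap\nStatus: install ok installed\n\n"
               "Package: sshpass\nStatus: deinstall ok config-files\n\n"
               "Package: openssh-server\nStatus: install ok installed\n")
SAMPLE_AUTH = ("Jun  1 03:12:09 raspberrypi sshd[812]: Failed password for root from 198.51.100.7 port 40112 ssh2\n"
               "Jun  1 03:12:11 raspberrypi sshd[815]: Accepted password for pi from 198.51.100.7 port 40120 ssh2\n"
               "Jun  1 09:30:02 raspberrypi sshd[990]: Accepted publickey for pi from 192.0.2.10 port 51514 ssh2\n")

if __name__ == "__main__":
    for finding in triage(SAMPLE_SHADOW, SAMPLE_DPKG, SAMPLE_AUTH):
        print("[!]", finding)
```

A password login as `pi` or an installed zmap is not proof of infection on its own; the hash match is the strongest of the three signals because the full value, salt included, is given in the description.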