linux_avp Malware Download

Attackers skim sensitive information from e-commerce websites by deploying malware dubbed linux_avp, which is written in Golang. Analysis of linux_avp suggests that it serves as a backdoor, waiting for commands from an Alibaba-hosted server. The linux_avp malware also injects a malicious crontab entry to ensure continued access in case the process is removed or the server is rebooted. Once launched, it immediately removes itself from the disk and camouflages itself as a "ps -ef" process, the command that would be used to get a list of currently running processes.
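The two process traits described above (a binary removed from disk after launch, and a command line claiming to be "ps -ef") can be checked on a live host through /proc. The following is an added example, not code from this page or from the malware analysis; the function names and the proc_root parameter are assumptions made for illustration.

```python
import os

def read_cmdline(proc_root, pid):
    """Return the process's argv as one space-joined string ('' if unreadable)."""
    try:
        with open(os.path.join(proc_root, pid, "cmdline"), "rb") as f:
            raw = f.read()
    except OSError:
        return ""
    # argv entries are NUL-separated; a rewritten argv may be one plain string
    return raw.replace(b"\x00", b" ").decode("utf-8", "replace").strip()

def find_suspects(proc_root="/proc"):
    """Flag processes whose binary is gone from disk or whose 'ps -ef' name is false."""
    findings = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        try:
            exe = os.readlink(os.path.join(proc_root, pid, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or insufficient permission
        cmdline = read_cmdline(proc_root, pid)
        reasons = []
        if exe.endswith(" (deleted)"):
            reasons.append("executable deleted from disk")
            exe = exe[: -len(" (deleted)")]
        if cmdline == "ps -ef" and os.path.basename(exe) != "ps":
            reasons.append("claims to be 'ps -ef' but runs " + exe)
        if reasons:
            findings.append({"pid": int(pid), "exe": exe,
                             "cmdline": cmdline, "reasons": reasons})
    return findings

if __name__ == "__main__":
    # Run as root so /proc/<pid>/exe is readable for every process.
    for f in find_suspects():
        print(f["pid"], repr(f["cmdline"]), "->", "; ".join(f["reasons"]))
```

A deleted executable on its own also appears after package upgrades, and a busybox-provided ps will trip the name check, so treat each hit as a lead to correlate with crontab changes and outbound connections.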

linux_avp Backdoor Signatures

Family: Trojan.GenericKD.38063967
MD5: 60ecdd39baea21b8568b7f83f2106a0c
SHA256: 2d422affb9727b71b0e1610568bea8643892d99bdaed99269a10e7554c88437b
