Coinminer.Linux.KINSING.A

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Verbindet sich mit einer bestimmten Website, um Daten zu versenden und zu empfangen.

Übertragungsdetails

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

Schleust die folgenden Dateien ein und führt sie aus:

• /tmp/salt-minions

Prozessbeendigung

Beendet die folgenden Prozesse, wenn sie im Speicher des betroffenen Systems ausgeführt werden:

• salt-minions

Andere Details

Verbindet sich mit der folgenden Website, um Daten zu versenden und zu empfangen:

• {BLOCKED}.{BLOCKED}.87.231
• {BLOCKED}.{BLOCKED}.153.85
• {BLOCKED}.{BLOCKED}.123.206
• {BLOCKED}.{BLOCKED}.178.195
• {BLOCKED}.{BLOCKED}.129.111
• {BLOCKED}.{BLOCKED}.152.69
• {BLOCKED}.{BLOCKED}.201.62

Es macht Folgendes:

• It reads the following system info:
  • Product Name
  • Product Version
  • Product Serial
  • Product UUID
  • Board Vendor
  • Board Name
  • Board Version
  • Board Serial
  • Board Asset Tag
  • Chassis Vendor
  • Chassis Type
  • Chassis Version
  • Chassis Serial
  • Chassis Asset Tag
  • Bios Vendor
  • Bios Version
  • Bios Date
  • Sys Vendor
  • Kernel Version
  
  
• Reads the following information from /sys:
  • /sys/devices/system/cpu/possible
  • /sys/fs/cgroup/cpuset//cpuset.cpus
  • /sys/fs/cgroup/cpuset//cpuset/mems
  • /sys/devices/system/cpu/online
  • /sys/bus/cpu/devices/cpu{0-4}/topology/package_cpus
  • /sys/bus/cpu/devices/cpu{0-4}/topology/core_cpus
  • /sys/bus/cpu/devices/cpu{0-4}/topology/thread_siblings
  • /sys/bus/node/devices/node{0-4}/cpumap
  • /sys/bus/cpu/devices
  • /sys/bus/cpu/devices/cpu{0-4}/topology
  • /sys/bus/cpu/devices/cpu{0-4}/topology/core_siblings
  • /sys/bus/cpu/devices/cpu{0-4}/online
  • /sys/bus/cpu/devices/cpu{0-4}/topology/physical_package_id
  • /sys/bus/cpu/devices/cpu{0-4}/topology/die_cpu
  • /sys/bus/cpu/devices/cpu{0-4}/topology/core_id
  • /sys/bus/cpu/devices/cpu{0-4}/topology/book_siblings
  • /sys/bus/cpu/devices/cpu{0-4}/cache/Index{0-4}/level
  • /sys/bus/cpu/devices/cpu{0-4}/cache/Index{0-4}/size
  • /sys/bus/cpu/devices/cpu{0-4}/cache/Index{0-4}/coherency_line_size
  • /sys/bus/cpu/devices/cpu{0-4}/cache/Index{0-4}/number_of_sets
  • /sys/bus/cpu/devices/cpu{0-4}/cache/Index{0-4}/physical_line_partition
  • /sys/bus/cpu/devices/cpu{0-4}/cache/Index{0-4}/shared_cpu_map
  • /sys/bus/cpu/devices/cpu{0-4}/cache/Index{0-4}/type
  • /sys/kernel/mm/hugepages
  • /sys/bus/node/devices
  • /sys/bus/node/devices/node{0-4}/hugepages
  
  
• Reads the following information from /proc:
  • /proc/cpuinfo
  • /proc/self/cgroup
  • /proc/mounts
  • /proc/meminfo