Keyword: Coinminer_MALXMR.SMGH2-ELF64
57011 total search results   |   Showing results 241 - 260
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to Internet Relay Chat (IRC) servers. It
This Exploit arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It joins an Internet Relay Chat (IRC) channel. It
priority (0 idle, 2 normal to 5 highest) --no-huge-pages → disable huge pages support --no-color → disable colored output --donate-level=N → donate level, default 5% (5 minutes in 100 minutes) --user-agent
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Coinminer arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed by a user. It uses the
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
\Windows\Windows Defender\pthreadVC2.dll %AppDataLocal%\Microsoft\Windows\Windows Defender\config.txt - Coinminer Configuration File %AppDataLocal%\Microsoft\Windows\Windows Defender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\WinmonFS Start = 3 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\WinmonFS Type = 2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\WinmonFS\Instances
\??\%System%\drivers\WinmonFS.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\WinmonFS Start = 3 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\WinmonFS Type = 2 HKEY_LOCAL_MACHINE
ImagePath = "\??\%System%\drivers\WinmonFS.sys" HKEY_LOCAL_MACHINE\System\CurrentControlSet\ services\WinmonFS Start = "3" HKEY_LOCAL_MACHINE\System\CurrentControlSet\ services\WinmonFS Type = "2
Coinminer-TOOLETN.A-WIN64 (for 64 bit systems) (Note: %AppDataLocal% is the Application Data folder found in Local Settings, where it is usually C:\Documents and Settings\{user name}\Local Settings\Application Data on
\ TestApp OSCaption = {Infected machine OS version} HKEY_CURRENT_USER\Software\Microsoft\ TestApp OSArchitecture = {32 or 64 bit} HKEY_CURRENT_USER\Software\Microsoft\ TestApp IsAdmin = {1 or 0, checks if
modifies the following registry entries to hide files with Hidden attributes: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced Hidden = 2 (Note: The default value data of the
to download a miner and its configuration file: https://{BLOCKED}ontrol.com/api/check?uuid={UUID} https://{BLOCKED}ontrol.com/api/checkv?uuid={UUID} The downloaded coinminer component is saved as:
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\WinmonFS Start = 3 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\WinmonFS Type = 2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\WinmonFS\Instances
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\WinmonFS Type = 2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\WinmonFS\Instances DefaultInstance = WinmonFS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a