HKTL_COINMINE.GE

This Hacking Tool may arrive bundled with malware packages as a malware component. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be downloaded by other malware/grayware from remote sites.

It does not have any propagation routine.

It does not have any backdoor routine.

It requires being executed with a specific argument/parameter, an additional component, or in a specific environment in order to proceed with its intended routine.

Arrival Details

This Hacking Tool may arrive bundled with malware packages as a malware component.

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It may be downloaded by the following malware/grayware from remote sites:

• HKTL_COINMINE.GN

Propagation

This Hacking Tool does not have any propagation routine.

Backdoor Routine

This Hacking Tool does not have any backdoor routine.

Other Details

This Hacking Tool does the following:

• This hacking tool is a coin miner used to generate bitcoins and it requires credentials for the mining server.
• The mining process eats up a system's computing power. As such, infected systems sustain increased wear and tear from processing coin blocks and the infected systems will work abnormally slow.
• It accepts the following parameters:
  • -o, --url=URL　→　URL of mining server
  • -O, --userpass=U:P　→　username:password pair for mining server
  • -u, --user=USERNAME　→　username for mining server
  • -p, --pass=PASSWORD　→　password for mining server
  • --cert=FILE　→　certificate for mining server using SSL
  • -x, --proxy=[PROTOCOL://]HOST[:PORT]　→　connect through a proxy
  • -t, --threads=N　→　number of miner threads (default: number of processors)
  • -r, --retries=N　→　number of times to retry if a network call fails　(default: retry indefinitely)
  • -R, --retry-pause=N　→　time to pause between retries, in seconds (default: 30)
  • -T, --timeout=N　→　timeout for long polling, in seconds (default: none)
  • -s, --scantime=N　→　upper bound on time spent scanning current work when　long polling is unavailable, in seconds (default: 5)
  • --no-longpoll　→　disable X-Long-Polling support
  • --no-stratum　→　disable X-Stratum support
  • --no-redirect　→　ignore requests to change the URL of the mining server
  • -q, --quiet　→　disable per-thread hashmeter output
  • -D, --debug　→　enable debug output
  • -P, --protocol-dump　→　verbose dump of protocol-level activities
  • -S, --syslog　→　use system log for output messages
  • -B, --background　→　run the miner in the background
  • --benchmark　→　run in offline benchmark mode
  • -c, --config=FILE　→　load a JSON-format configuration file
  • -V, --version　→　display version information and exit
  • -h, --help　→　display this help text and exit

It requires being executed with a specific argument/parameter, an additional component, or in a specific environment in order to proceed with its intended routine.