Sysrv cryptomining botnet is still alive (and kicking out the competition) - ThreatDown by Malwarebytes
Tags
Common Information
Type | Value |
---|---|
UUID | e42f7864-81a2-4337-b6c9-6d71576a2907 |
Fingerprint | 8d411b26a13fc787 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Dec. 23, 2024, 9:30 p.m. |
Added to db | Dec. 24, 2024, midnight |
Last updated | Dec. 24, 2024, midnight |
Headline | UNKNOWN |
Title | Sysrv cryptomining botnet is still alive (and kicking out the competition) - ThreatDown by Malwarebytes |
Detected Hints/Tags/Attributes | 40/1/27 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 474 | ✔ | Blog – ThreatDown by Malwarebytes | https://www.threatdown.com/blog/feed | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | File | 6 | ldr.ps1 |
|
Details | File | 32 | sys.exe |
|
Details | File | 8 | text.reg |
|
Details | File | 3 | ularexpressions.reg |
|
Details | File | 2 | network01.exe |
|
Details | File | 1 | network001.exe |
|
Details | File | 1 | network002.exe |
|
Details | File | 1 | kthreaddi.exe |
|
Details | File | 3 | sysrv.exe |
|
Details | File | 1 | sysrv012.exe |
|
Details | File | 1 | sysrv011.exe |
|
Details | File | 1 | sysrv010.exe |
|
Details | File | 1 | sysrv001.exe |
|
Details | File | 1 | sysrv002.exe |
|
Details | File | 1 | sysrv003.exe |
|
Details | File | 1 | sysrv004.exe |
|
Details | File | 1 | sysrv005.exe |
|
Details | File | 1 | sysrv006.exe |
|
Details | File | 1 | sysrv007.exe |
|
Details | File | 1 | sysrv008.exe |
|
Details | File | 1 | sysrv009.exe |
|
Details | IPv4 | 2 | 194.38.23.2 |
|
Details | IPv4 | 11 | 194.145.227.21 |
|
Details | IPv4 | 4 | 185.239.242.71 |
|
Details | Url | 1 | http://194.38.23.2/ldr.ps1?bf714e |
|
Details | Url | 2 | http://194.38.23.2 |
|
Details | Windows Registry Key | 123 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |