Sysrv cryptomining botnet is still alive (and kicking out the competition) - ThreatDown by Malwarebytes
Common Information
Type Value
UUID e42f7864-81a2-4337-b6c9-6d71576a2907
Fingerprint 8d411b26a13fc787
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 23, 2024, 9:30 p.m.
Added to db Dec. 24, 2024, midnight
Last updated Dec. 24, 2024, midnight
Headline UNKNOWN
Title Sysrv cryptomining botnet is still alive (and kicking out the competition) - ThreatDown by Malwarebytes
Detected Hints/Tags/Attributes 40/1/27
RSS Feed
Id   Enabled   Feed title                          Url                                       Added to db
474            Blog – ThreatDown by Malwarebytes   https://www.threatdown.com/blog/feed      2024-08-30 22:08
Attributes
Type                    Value                                                   #Events   CTI Value
File                    ldr.ps1                                                 6
File                    sys.exe                                                 32
File                    text.reg                                                8
File                    ularexpressions.reg                                     3
File                    network01.exe                                           2
File                    network001.exe                                          1
File                    network002.exe                                          1
File                    kthreaddi.exe                                           1
File                    sysrv.exe                                               3
File                    sysrv012.exe                                            1
File                    sysrv011.exe                                            1
File                    sysrv010.exe                                            1
File                    sysrv001.exe                                            1
File                    sysrv002.exe                                            1
File                    sysrv003.exe                                            1
File                    sysrv004.exe                                            1
File                    sysrv005.exe                                            1
File                    sysrv006.exe                                            1
File                    sysrv007.exe                                            1
File                    sysrv008.exe                                            1
File                    sysrv009.exe                                            1
IPv4                    194.38.23.2                                             2
IPv4                    194.145.227.21                                          11
IPv4                    185.239.242.71                                          4
Url                     http://194.38.23.2/ldr.ps1?bf714e                       1
Url                     http://194.38.23.2                                      2
Windows Registry Key    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run      123