Obfuscated Bitcoin Miner Propagates Through FTP Using Password Dictionary
Tags
Common Information
| Type | Value |
|---|---|
| UUID | f44c6392-51fa-4c37-8be5-50abb0a58d59 |
| Fingerprint | 4310cda0df32ecd |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 14, 2016, midnight |
| Added to db | Jan. 18, 2023, 11:19 p.m. |
| Last updated | Nov. 17, 2024, 9:42 p.m. |
| Headline | Obfuscated Bitcoin Miner Propagates Through FTP Using Password Dictionary |
| Title | Obfuscated Bitcoin Miner Propagates Through FTP Using Password Dictionary |
| Detected Hints/Tags/Attributes | 37/2/59 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 13 | info.zip |
|
| Details | Domain | 2 | hrtests.ru |
|
| Details | Domain | 1 | stafftest.ru |
|
| Details | Domain | 2 | profetest.ru |
|
| Details | Domain | 2 | testpsy.ru |
|
| Details | Domain | 2 | pstests.ru |
|
| Details | Domain | 1 | qptest.ru |
|
| Details | Domain | 1 | prtests.ru |
|
| Details | Domain | 1 | jobtests.ru |
|
| Details | Domain | 1 | iqtesti.ru |
|
| Details | Domain | 4 | mine.moneropool.com |
|
| Details | Domain | 2 | nsis.sourceforge.net |
|
| Details | Domain | 29 | en.bitcoin.it |
|
| Details | Domain | 18 | bitcointalk.org |
|
| Details | File | 17 | img001.exe |
|
| Details | File | 1 | ------------intec.dll |
|
| Details | File | 1 | ------nscpucnminer32.exe |
|
| Details | File | 1 | ------nscpucnminer64.exe |
|
| Details | File | 1 | ------pools.txt |
|
| Details | File | 1 | ------makensis.exe |
|
| Details | File | 1 | ------info.zip |
|
| Details | File | 1 | ------tftp.exe |
|
| Details | File | 1 | ------------execdos.dll |
|
| Details | File | 1 | ------------info.zip |
|
| Details | File | 1 | ------------tftp.exe |
|
| Details | File | 1 | ------------inetc.dll |
|
| Details | File | 1 | ------------folder.ico |
|
| Details | File | 1 | ------------icon.ico |
|
| Details | File | 1 | ------------rar.ico |
|
| Details | File | 13 | info.zip |
|
| Details | File | 9 | inetc.dll |
|
| Details | File | 1 | nsh9f3d.tmp |
|
| Details | File | 1 | rooxxxx.tmp |
|
| Details | File | 1 | capxxxx.tmp |
|
| Details | File | 1 | rooeedc.tmp |
|
| Details | File | 1 | capeeec.tmp |
|
| Details | File | 3 | tftp.exe |
|
| Details | File | 3 | pools.txt |
|
| Details | File | 1 | nscpucnminer32.exe |
|
| Details | File | 1 | nscpucnminer64.exe |
|
| Details | File | 1 | c:\users\ \appdata\roaming\nsminer\img001.exe |
|
| Details | File | 1 | %appdata%\roaming\nsminer\img001.exe |
|
| Details | File | 25 | test.html |
|
| Details | File | 1 | stat.html |
|
| Details | File | 2 | text.html |
|
| Details | File | 1205 | index.php |
|
| Details | md5 | 1 | 522f8ba8b2dec299cc64c0ccf5a68000 |
|
| Details | md5 | 1 | fbbcf1e9501234d6661a0c9ae6dc01c9 |
|
| Details | sha256 | 1 | a9a349d2aacd7d9c1d0f149a9e2c0a908584e607719cbed37a26f6e8dee1e718 |
|
| Details | sha256 | 1 | d9901b16a93aad709947524379d572a7a7bf8e2741e27a1112c95977d4a6ea8c |
|
| Details | Pdb | 1 | e:\cryptonight\bitmonero-master\src\miner\x64\cpu-release\crypto.pdb |
|
| Details | Url | 1 | http://nsis.sourceforge.net/inetc_plug-in |
|
| Details | Url | 1 | https://en.bitcoin.it/wiki/cryptonight |
|
| Details | Url | 1 | https://www.virustotal.com/en/file/a9a349d2aacd7d9c1d0f149a9e2c0a908584e607719cbed37a26f6e8dee1e718/analysis |
|
| Details | Url | 1 | https://www.virustotal.com/en/file/d9901b16a93aad709947524379d572a7a7bf8e2741e27a1112c95977d4a6ea8c/analysis/1451986874 |
|
| Details | Url | 1 | http://www.symantec.com/connect/articles/tweaking-windows-7-power-plans-using-powercfg-command-line-options |
|
| Details | Url | 1 | https://bitcointalk.org/index.php?topic=647251.0 |
|
| Details | Windows Registry Key | 41 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
|
| Details | Windows Registry Key | 112 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |