Coinminer.Linux.MALXMR.UWELD

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Übertragungsdetails

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Datendiebstahl

Folgende Daten werden gesammelt:

• Product Name
• Product Version
• Product Serial
• Product UUID
• Board Vendor
• Board Name
• Board Version
• Board Serial
• Board Asset Tag
• Chassis Vendor
• Chassis Type
• Chassis Version
• Chassis Serial
• Chassis Asset Tag
• Bios Vendor
• Bios Version
• Bios Date
• Sys Vendor
• Kernel Version

Andere Details

Es macht Folgendes:

• It accepts the following parameters:
  • -o
    • --url=URL - URL of mining server
  • -a
    • --algo=ALGO - mining algorithm https://xmrig.com/docs/algorithms
    • --coin=COIN - specify coin instead of algorithm
  • -u
    • --user=USERNAME - username for mining server
  • -p
    • --pass=PASSWORD - password for mining server
  • -O
    • --userpass=U:P - username:password pair for mining server
  • -k
    • --keepalive - send keepalived packet for prevent timeout (needs pool support)
    • --nicehash - enable nicehash.com support
    • --rig-id=ID - rig identifier for pool-side statistics (needs pool support)
    • --tls - enable SSL/TLS support (needs pool support)
    • --tls-fingerprint=HEX - pool TLS certificate fingerprint for strict certificate pinning
    • --daemon - use daemon RPC instead of pool for solo mining
    • --daemon-poll-interval=N - daemon poll interval in milliseconds (default: 1000)
    • --self-select=URL - self-select block templates from URL
  • -r
    • --retries=N - number of times to retry before switch to backup server (default: 5)
  • -R
    • --retry-pause=N - time to pause between retries (default: 5)
    • --user-agent - set custom user-agent string for pool
    • --donate-level=N- donate level, default 5%% (5 minutes in 100 minutes)
    • --donate-over-proxy=N - control donate over xmrig-proxy feature
    • --no-cpu - disable CPU mining backend
  • -t
    • --threads=N - number of CPU threads
  • -v
    • --av=N - algorithm variation, 0 auto select
    • --cpu-affinity - set process affinity to CPU core(s), mask 0x3 for cores 0 and 1
    • --cpu-priority - set process priority (0 idle, 2 normal to 5 highest)
    • --cpu-max-threads-hint=N - maximum CPU threads count (in percentage) hint for autoconfig
    • --cpu-memory-pool=N - number of 2 MB pages for persistent memory pool, -1 (auto), 0 (disable)
    • --no-huge-pages - disable huge pages support
    • --asm=ASM - ASM optimizations, possible values: auto, none, intel, ryzen, bulldozer
    • --randomx-init=N - threads count to initialize RandomX dataset
    • --randomx-no-numa - disable NUMA support for RandomX
    • --api-worker-id=ID - custom worker-id for API
    • --api-id=ID - custom instance ID for API
    • --http-host=HOST- bind host for HTTP API (default: 127.0.0.1)
    • --http-port=N - bind port for HTTP API
    • --http-access-token=T- access token for HTTP API
    • --http-no-restricted - enable full remote access to HTTP API (only if access token set)
    • --opencl - enable OpenCL mining backend
    • --opencl-devices=N - list of OpenCL devices to use
    • --opencl-platform=N- OpenCL platform index or name
    • --opencl-loader=N - path to OpenCL-ICD-Loader (OpenCL.dll or libOpenCL.so)
    • --opencl-no-cache - disable OpenCL cache
    • --print-platforms - print available OpenCL platforms and exit
  • -S
    • --syslog - use system log for output messages
  • -l
    • --log-file=FILE - log all output to a file
    • --print-time=N - print hashrate report every N seconds
    • --no-color - disable colored output
  • -c
    • --config=FILE - load a JSON-format configuration file
  • -B
    • --background - run the miner in the background
  • -V
    • --version - output version information and exit
  • -h
    • --help - display this help and exit
    • --dry-run - test configuration and exit
    • --export-topology - export hwloc topology to a XML file and exit
• Supported algo options:
  • cryptonight/0
  • cryptonight
  • cryptonight/1
  • cryptonight-monerov7
  • cryptonight_v7
  • cryptonight/2
  • cryptonight-monerov8
  • cryptonight_v8
  • cryptonight/r
  • cryptonight_r
  • cryptonight/fast
  • cryptonight/msr
  • cryptonight/half
  • cryptonight/xao
  • cryptonight_alloy
  • cryptonight/rto
  • cryptonight/rwz
  • cryptonight/zls
  • cryptonight/double
  • cryptonight-lite/0
  • cryptonight-lite/1
  • cryptonight-lite
  • cryptonight-light
  • cryptonight_lite
  • cryptonight-aeonv7
  • cryptonight_lite_v7
  • cryptonight-heavy/0
  • cryptonight-heavy
  • cryptonight_heavy
  • cryptonight-heavy/xhv
  • cryptonight_haven
  • cryptonight-heavy/tube
  • cryptonight-bittube2
  • cryptonight-pico
  • cryptonight-pico/trtl
  • cryptonight-turtle
  • cryptonight-ultralite
  • cryptonight_turtle
  • randomx/0
  • randomx/test
  • RandomX
  • randomx/wow
  • RandomWOW
  • randomx/loki
  • RandomXL
  • randomx/arq
  • RandomARQ
  • argon2/chukwa
  • argon2/wrkz
  • RandomWOW
  • RandomXL
  • RandomARQ
  • RandomX
• Supported coin options:
  • monero
  • arqma
• Reads the information contained in the following files:
  • /sys/fs/cgroup/cpuset//cpuset.cpus
  • /sys/fs/cgroup/cpuset//cpuset.mems
  • /sys/devices/system/cpu/online
  • /sys/bus/cpu/devices/cpu0/topology/thread_siblings
  • /sys/bus/cpu/devices/cpu0/topology/die_cpus
  • /sys/bus/cpu/devices/cpu0/topology/core_siblings
  • /sys/bus/cpu/devices/cpu0/topology/physical_package_id
  • /sys/bus/cpu/devices/cpu0/index0/level
  • /sys/devices/system/cpu/possible
  • /sys/fs/cgroup/cpuset//cpuset.cpus
  • /sys/fs/cgroup/cpuset//cpuset/mems
  • /sys/devices/system/cpu/online
  • /sys/bus/cpu/devices/cpu{0-4}/topology/package_cpus
  • /sys/bus/cpu/devices/cpu{0-4}/topology/core_cpus
  • /sys/bus/cpu/devices/cpu{0-4}/topology/thread_siblings
  • /sys/bus/node/devices/node{0-4}/cpumap
  • /sys/bus/cpu/devices
  • /sys/bus/cpu/devices/cpu{0-4}/topology
  • /sys/bus/cpu/devices/cpu{0-4}/topology/core_siblings
  • /sys/bus/cpu/devices/cpu{0-4}/online
  • /sys/bus/cpu/devices/cpu{0-4}/topology/physical_package_id
  • /sys/bus/cpu/devices/cpu{0-4}/topology/die_cpu
  • /sys/bus/cpu/devices/cpu{0-4}/topology/core_id
  • /sys/bus/cpu/devices/cpu{0-4}/topology/book_siblings
  • /sys/bus/cpu/devices/cpu{0-4}/cache/Index{0-4}/level
  • /sys/bus/cpu/devices/cpu{0-4}/cache/Index{0-4}/size
  • /sys/bus/cpu/devices/cpu{0-4}/cache/Index{0-4}/coherency_line_size
  • /sys/bus/cpu/devices/cpu{0-4}/cache/Index{0-4}/number_of_sets
  • /sys/bus/cpu/devices/cpu{0-4}/cache/Index{0-4}/physical_line_partition
  • /sys/bus/cpu/devices/cpu{0-4}/cache/Index{0-4}/shared_cpu_map
  • /sys/bus/cpu/devices/cpu{0-4}/cache/Index{0-4}/type
  • /sys/kernel/mm/hugepages
  • /sys/bus/node/devices
  • /sys/bus/node/devices/node{0-4}/hugepages
• Check the directory of running processes