Manual Static Analysis — XMRig CoinMiner ELF | Threat: CRITICAL
File Identity
| Field | Value |
|---|---|
| SHA256 | e55ed4e871eb3ed2d086e8e30876ca9572b48ea54d413b02e62a9e9f0a8c06a |
| File Name | _up.bin (Linux ELF) |
| Size | 5,338,704 bytes (5.3 MB) |
| String Count | 22,265 |
| Platform | Linux ELF (x86_64) |
Cleartext Mining Pool -- VERIFIED
CRITICAL IOC: Mining pool addresses were found in cleartext.
extranonce.su <-- XMR mining pool
mining.su <-- XMR mining pool
glibc.me <-- Linux ELF library (not a false positive, suspicious domain)
Ghostrider Algorithm
ghostrider/rtm -- Ghostrider (Raptoreum) algorithm
ghostrider -- Ghostrider Monero mining
pool_wallet -- Wallet address config field
IOC
| Field | Value |
|---|---|
| SHA256 | e55ed4e871eb3ed2d086e8e30876ca9572b48ea54d413b02e62a9e9f0a8c06a |
| Mining Pool | extranonce.su |
| Mining Pool | mining.su |
| Algorithm | Ghostrider (XMR/RTM) |
XMRig — Malware Profile
XMRig here refers to maliciously modified builds of the open-source Monero (XMR) miner. It is distributed as Linux ELF and Windows PE binaries. It supports Ghostrider, RandomX and other algorithms. The mining pool addresses are embedded in cleartext.
Malware Type
Coinminer
Programming Language
C++
C2 Protocol
TCP
Target Systems
Windows/Linux
Capabilities & Behavior
CPU/GPU Mining
Cryptocurrency Generation
Resource Consumption
Persistence
Anti-Analysis
Propagation Mechanism
IOC List (3 indicators)
IOC — XMRig
| Type | Value | Note |
|---|---|---|
| domain | extranonce.su | |
| domain | mining.su | |
| domain | glibc.me | |
C2 Servers (2 recorded servers for this family)
| Address | Type | Port | Protocol | Status | Country |
|---|---|---|---|---|---|
| mining.su | domain | — | TCP | active | — |
| extranonce.su | domain | — | TCP | inactive | — |
C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.