CoinMinerX6

hsks

您有一份文件待查收！即刻点击链接获取文件：https://cowtransfer.com/s/4f364e42446a40 或进入 cowtransfer.com 获取，在首页输入取件码：485073（24小时内有效）
exe+elf
CoinMiner的标签是根据微步分析结果得出来的

qwerwer

火绒   杀  4

秋日之殇

卡巴斯基清空

静影沉璧

ESET

swizzer

WiseVector

昨天22:37的病毒库

扫描5x，双击1x

1. 2020-12-13 09:02:07|C:\Windows\Childsong.exe|WIBD:HEUR.Trojan.V
   
2. 2020-12-13 09:02:11|D:\$aa\CoinMiner\7aae703aa13fd2e58320297386b4b4342ac5d945ac3a33a7a374d95c3bd249bd.exe|WIBD:HEUR.Trojan.V

复制代码

2020-12-13 09:01:54|D:\$aa\CoinMiner\14f77fb8a12fb5432ba212195783c2183f542dc11935a94bfb6337b7ce4aeb47|Heur.ML.PE.A
2020-12-13 09:01:55|D:\$aa\CoinMiner\1b5f2b90670146f79ec32ad10d8fff058a84a1f2e753004f0b9f2e691ec25cc7|Heur.ML.PE.C
2020-12-13 09:01:56|D:\$aa\CoinMiner\551de6e204479cc8772824a3485a30c860165bb4409174d784c2af32b07361e1|Heur.ML.PE.C
2020-12-13 09:01:57|D:\$aa\CoinMiner\6c667b95272c339cca70318b75b75d2ecad78b9bb0413520be68b1fd39c213fb|Heur.ML.PE.E
2020-12-13 09:01:57|D:\$aa\CoinMiner\cb130067a03bf471e319ff107d147aa2aa8b2a0c01e3d51ba227efb08c9bc902|Heur.ML.PE.A

纯双击5x（改名后运行）

1. 2020-12-13 09:05:55|D:\$aa\CoinMiner\1.exe|WIBD:HEUR.Trojan.KD
   
2. 2020-12-13 09:05:59|C:\Users\Administrator\AppData\Roaming\CpoDllost.exe|WIBD:HEUR.Trojan.KD
   
3. 2020-12-13 09:06:08|D:\$aa\CoinMiner\3.exe|WIBD:HEUR.Trojan.FB
   
4. 2020-12-13 09:06:11|C:\Windows\Childsong.exe|WIBD:HEUR.Trojan.FB
   
5. 2020-12-13 09:06:15|D:\$aa\CoinMiner\2.exe|WIBD:HEUR.MalBehavior.A0
   
6. 2020-12-13 09:06:18|D:\$aa\CoinMiner\2.exe|WIBD:HEUR.MalBehavior.B
   
7. 2020-12-13 09:06:23|C:\Windows\System32\notepad.exe|MEMRAY:MalCode.A0
   
8. 2020-12-13 09:07:47|D:\$aa\CoinMiner\4.exe|WIBD:HEUR.MalPowerShell.A0
   
9. 2020-12-13 09:07:55|D:\$aa\CoinMiner\5.exe|WIBD:HEUR.MalBehavior.A0
   
10. 2020-12-13 09:07:57|D:\$aa\CoinMiner\5.exe|WIBD:HEUR.MalBehavior.B
    
11. 2020-12-13 09:08:10|C:\ProgramData\jnjYmQYUdm\r.vbs|WIBD:HEUR.MalPersistence.T1

复制代码

notepad惨遭利用···

Miner相关配置

1. {
   
2.         "algo": "cryptonight",
   
3.         "autosave": false,
   
4.         "background": false,
   
5.         "colors": true,
   
6.         "retries": 5,
   
7.         "retry-pause": 5,
   
8.         "syslog": false,
   
9.         "print-time": 60,
   
10.         "av": 0,
    
11.         "safe": false,
    
12.         "cpu-priority": null,
    
13.         "cpu-affinity": null,
    
14.         "donate-level": 0,
    
15.         "threads": 4,
    
16.         "pools": [
    
17.                 {
    
18.                         "url": "pool.supportxmr.com:5555",
    
19.                         "user": "45vox8vwEbcLti34DikxKy1KzkShwQ5b8dWjLzPcQ56gGQy5e5H7VmUE5Eh7E8yfczG8igc9Y9DxFF5isU5CVwYD64U4Y8w",
    
20.                         "pass": "x",
    
21.                         "keepalive": false,
    
22.                         "nicehash": false,
    
23.                         "variant": "r",
    
24.                         "tls": false,
    
25.                         "tls-fingerprint": null
    
26.                 }
    
27.         ],
    
28.         "api": {
    
29.                 "port": 0,
    
30.                 "access-token": null,
    
31.                 "worker-id": null
    
32.         }
    
33. }

复制代码

jdsh

Emsisoft Anti-Malware

k2132

微点

sichuanwenxuan

AVAST免费版监控杀4，扫描杀剩下的两个。

心醉咖啡

毒霸1