A forum for reverse engineering, OS internals and malware analysis 

 #31315  by benkow_
 Sun Mar 04, 2018 9:22 am
markusg wrote: SHA-256
8cd0e931d1de457839fe074ee0819dee78fcd61e1983ea80c7bd7b16f696eb80
File name
ExtremeHack.exe
https://www.virustotal.com/#/file/8cd0e ... /detection
Another miner that has been spreading around for some weeks
ftp://progerman:ivivad9x@82.202.231.21
{
    "algo": "cryptonight",  // cryptonight (default) or cryptonight-lite
    "av": 0,                // algorithm variation, 0 auto select
    "background": false,    // true to run the miner in the background
    "colors": true,         // false to disable colored output
    "cpu-affinity": null,   // set process affinity to CPU core(s), mask "0x3" for cores 0 and 1
    "cpu-priority": 1,      // set process priority (0 idle, 2 normal to 5 highest)
    "donate-level": 1,      // donate level, minimum 1%
    "log-file": null,       // log all output to a file, example: "c:/some/path/xmrig.log"
    "max-cpu-usage": 30,    // maximum CPU usage for automatic mode; usually the limiting factor is CPU cache, not this option
    "print-time": 60,       // print hashrate report every N seconds
    "retries": 5,           // number of times to retry before switching to backup server
    "retry-pause": 5,       // time to pause between retries
    "safe": false,          // true to safely adjust threads and av settings for current CPU
    "threads": 1,           // number of miner threads
    "pools": [
        {
            "url": "progerman.ru:90",   // URL of mining server
            "user": "cpu",              // username for mining server
            "pass": "cpu",              // password for mining server
            "keepalive": true,          // send keepalive to prevent timeout (needs pool support)
            "nicehash": true            // enable nicehash/xmrig-proxy support
        }
    ],
    "api": {
        "port": 0,              // port for the miner API https://github.com/xmrig/xmrig/wiki/API
        "access-token": null,   // access token for API
        "worker-id": null       // custom worker-id for API
    }
}
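Added example (not part of benkow_'s post and not xmrig's own code): a small defender-side triage script for a dropped xmrig-style config. xmrig accepts `//` line comments in config.json, so the script strips them without touching string literals (URLs contain `//` too), loads the result as plain JSON, extracts the pool host/port/credentials as IoCs, and flags the low-profile settings seen in this sample (single thread, 30% CPU cap, no log file, API disabled, nicehash/proxy mode). The embedded config is a constructed sample trimmed to the fields the triage uses, with the values from the post; the function names are the example's own.

```python
import json
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the xmrig-style config from the post, trimmed to the
# fields this triage looks at (values as they appear in the post).
SAMPLE_CONFIG = r'''
{
    "algo": "cryptonight",  // cryptonight (default) or cryptonight-lite
    "background": false,    // true to run the miner in the background
    "donate-level": 1,      // donate level, minimum 1%
    "log-file": null,       // log all output to a file, example: "c:/some/path/xmrig.log"
    "max-cpu-usage": 30,    // maximum CPU usage for automatic mode
    "threads": 1,           // number of miner threads
    "pools": [
        {
            "url": "progerman.ru:90",   // URL of mining server
            "user": "cpu",              // username for mining server
            "pass": "cpu",              // password for mining server
            "keepalive": true,
            "nicehash": true            // enable nicehash/xmrig-proxy support
        }
    ],
    "api": { "port": 0, "access-token": null, "worker-id": null }
}
'''

# Alternation: a complete JSON string literal (kept) or a // comment to end of line (dropped).
# Matching string literals first means a "//" inside a URL is never treated as a comment.
_STRING_OR_COMMENT = re.compile(r'("(?:\\.|[^"\\])*")|//[^\n]*')


def strip_line_comments(text: str) -> str:
    """Remove xmrig-style // comments while leaving string literals intact."""
    return _STRING_OR_COMMENT.sub(lambda m: m.group(1) or "", text)


def load_xmrig_config(text: str) -> dict:
    """Parse a commented xmrig config into a Python dict."""
    return json.loads(strip_line_comments(text))


def split_pool_url(url: str) -> Tuple[str, Optional[int]]:
    """Split 'host:port' (optionally with a scheme such as stratum+tcp://) into (host, port)."""
    url = url.split("://", 1)[-1]          # drop an optional scheme prefix
    host, sep, port = url.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return url, None                       # no port given


def extract_pool_iocs(cfg: dict) -> List[Dict[str, object]]:
    """Collect the network indicators a blocklist or DNS/firewall search would use."""
    iocs = []
    for pool in cfg.get("pools", []):
        host, port = split_pool_url(pool.get("url", ""))
        iocs.append({
            "host": host,
            "port": port,
            "user": pool.get("user"),
            "pass": pool.get("pass"),
            "nicehash": bool(pool.get("nicehash")),
        })
    return iocs


def stealth_indicators(cfg: dict) -> List[str]:
    """Settings that keep the miner quiet on the host; useful context in a triage report."""
    flags = []
    if cfg.get("background"):
        flags.append("background mode enabled (no console window)")
    usage = cfg.get("max-cpu-usage")
    if isinstance(usage, int) and usage < 50:
        flags.append(f"max-cpu-usage capped at {usage}% (low-and-slow profile)")
    if cfg.get("threads") == 1:
        flags.append("single mining thread (small CPU footprint)")
    if cfg.get("log-file") is None:
        flags.append("no log file written to disk")
    if cfg.get("api", {}).get("port", 0) == 0:
        flags.append("miner API disabled (no listening port to discover)")
    for pool in cfg.get("pools", []):
        if pool.get("nicehash"):
            flags.append(f"nicehash/xmrig-proxy mode for pool {pool.get('url')}")
    return flags


def triage(text: str) -> dict:
    """One-call summary: algorithm, pool IoCs and stealth-related settings."""
    cfg = load_xmrig_config(text)
    return {
        "algo": cfg.get("algo"),
        "pools": extract_pool_iocs(cfg),
        "indicators": stealth_indicators(cfg),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_CONFIG), indent=2))
```

The same `strip_line_comments` / `load_xmrig_config` pair works on a config recovered from a sample's resources or dropped next to the binary; `triage` is what you would feed into a case note, with the pool host/port as the blockable indicators.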