1 min read

Kingminer Botnet Keeps up with the Times

Janos Gergo SZELES

July 08, 2020

Kingminer Botnet Keeps up with the Times

The e-currency boom in late 2017 sparked a new type of “gold rush”, as cyber-criminals started racing to infect home computers and data centers with crypto-miners.

While digital currencies have fluctuated wildly since late 2017, cyber-criminals are still making money and investing in the development of mining malware. Such is the case with Kingminer, a piece of crypto-jacking malware that has been around since early 2018.

Kingminer has drawn its share of scrutiny, as it has been thoroughly researched by the cyber-security community. Recently, though, Bitdefender researchers picked up an attack involving several new sophisticated techniques, tactics and procedures to deliver malicious payloads.

This new whitepaper on Kingminer focuses on novel techniques such as:

  • Initial access from SQL Server processes by brute-forcing accounts
  • Initial execution from a kernel exploit, e.g., EternalBlue, the technique used by WannaCry
  • DGA (Domain Generation Algorithm) for evading blacklists
  • Use of tools like Mimikatz and PowerSploit
  • File-less execution of the bot
  • Various payloads delivered from the attacker’s server (XMRig, Kingminer)

Download the whitepaper

tags


Author



Right now

Top posts

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read
How We Tracked a Threat Group Running an Active Cryptojacking Campaign

How We Tracked a Threat Group Running an Active Cryptojacking Campaign

July 14, 2021

10 min read
A Note from the Bitdefender Labs Team on Ransomware and Decryptors

A Note from the Bitdefender Labs Team on Ransomware and Decryptors

May 26, 2021

2 min read
New Nebulae Backdoor Linked with the NAIKON Group

New Nebulae Backdoor Linked with the NAIKON Group

April 28, 2021

1 min read
Good riddance, GandCrab! We’re still fixing the mess you left behind.

Good riddance, GandCrab! We’re still fixing the mess you left behind.

June 17, 2019

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
Bogdan BOTEZATUVictor VRABIE
9 min read
Debugging MosaicLoader, One Step at a Time Debugging MosaicLoader, One Step at a Time
Janos Gergo SZELESBogdan BOTEZATU
1 min read
How We Tracked a Threat Group Running an Active Cryptojacking Campaign How We Tracked a Threat Group Running an Active Cryptojacking Campaign
Bitdefender

July 14, 2021

10 min read