Status: Malicious
Container analysis revealed malware Multios.Coinminer.Miner-6781728-2
Submission Details |
|
|---|---|
| Analysis started | 2020-08-18 20:44:05 |
| Analysis finished | 2020-08-18 20:49:39 |
| Total time | 5 minutes and 34 seconds |
| Base Image | widoc26117/xmr |
Outbound Connections |
|---|
| IP: 118.190.200.162, port: 3333 |
Executed Processes |
|---|
| /bin/sh -c /docker-entrypoint.sh |
| /docker-entrypoint.sh |
| sed -i s/docker//g /config.json |
| /xmrig -c /config.json |
| sh -c |
| /sbin/modprobe msr |
Written / Modified Files |
|---|
| /config.json |
Remote Hosts
The following remote hosts were accessed during image build and container runtime phases of analysis| IP Address | Location | Coordinates | ISP | Organization |
|---|---|---|---|---|
| 18.232.227.119 |  Ashburn, United States |
39.0481, -77.4728 | Massachusetts Institute of Technology | Massachusetts Institute of Technology |
| 52.1.121.53 | Ashburn, United States |
39.0481, -77.4728 | Amazon.com | Amazon.com |
| 3.224.175.179 | Ashburn, United States |
39.0481, -77.4728 | General Electric Company | General Electric Company |
| 52.5.11.128 | Ashburn, United States |
39.0481, -77.4728 | Amazon.com | Amazon.com |
| 54.85.107.53 | Ashburn, United States |
39.0481, -77.4728 | Amazon.com | Amazon.com |
| 3.211.199.249 | Ashburn, United States |
39.0481, -77.4728 | General Electric Company | General Electric Company |
| 35.171.59.61 | Ashburn, United States |
39.0481, -77.4728 | Amazon.com | Amazon.com |
| 23.22.155.84 | Ashburn, United States |
39.0481, -77.4728 | Amazon.com | Amazon.com |
| 52.4.20.24 | Ashburn, United States |
39.0481, -77.4728 | Amazon.com | Amazon.com |
| 104.18.121.25 | United States |
37.751, -97.822 | CloudFlare | CloudFlare |
| 104.18.122.25 | United States |
37.751, -97.822 | CloudFlare | CloudFlare |
| 104.18.124.25 | United States |
37.751, -97.822 | CloudFlare | CloudFlare |
| 118.190.200.162 |  China |
34.7725, 113.7266 | Hangzhou Alibaba Advertising Co.,Ltd. | Hangzhou Alibaba Advertising Co.,Ltd. |
| 3.218.162.19 | Ashburn, United States |
39.0481, -77.4728 | General Electric Company | General Electric Company |
| 52.72.232.213 | Ashburn, United States |
39.0481, -77.4728 | Amazon.com | Amazon.com |
| 3.223.220.229 | Ashburn, United States |
39.0481, -77.4728 | General Electric Company | General Electric Company |
| 18.213.137.78 | Ashburn, United States |
39.0481, -77.4728 | Massachusetts Institute of Technology | Massachusetts Institute of Technology |
| 104.18.125.25 | United States |
37.751, -97.822 | CloudFlare | CloudFlare |
DNS Requests
The following DNS requests were made during image build and container runtime phases| Request | Response |
|---|---|
| A → registry-1.docker.io |
A → 18.232.227.119 A → 52.4.20.24 A → 3.211.199.249 A → 34.195.246.183 A → 3.94.35.164 A → 23.22.155.84 A → 18.213.137.78 A → 3.224.175.179 |
| AAAA → registry-1.docker.io | SOA → ns-513.awsdns-00.net |
| AAAA → auth.docker.io | SOA → ns-513.awsdns-00.net |
| A → auth.docker.io |
A → 52.1.121.53 A → 107.23.149.57 A → 52.54.232.21 A → 54.236.131.166 A → 35.174.73.84 A → 18.213.137.78 A → 3.94.35.164 A → 3.218.162.19 |
| AAAA → registry.hub.docker.com |
CNAME → elb-hub.us-east-1.aws.dckr.io CNAME → us-east-1-elbhub-1t5fblb53f6sl-411513349.us-east-1.elb.amazonaws.com SOA → ns-1119.awsdns-11.org |
| A → registry.hub.docker.com |
CNAME → elb-hub.us-east-1.aws.dckr.io CNAME → us-east-1-elbhub-1t5fblb53f6sl-411513349.us-east-1.elb.amazonaws.com A → 35.171.59.61 A → 52.206.60.108 A → 3.221.246.121 |
| AAAA → production.cloudflare.docker.com | SOA → dara.ns.cloudflare.com |
| A → production.cloudflare.docker.com |
A → 104.18.121.25 A → 104.18.125.25 A → 104.18.123.25 A → 104.18.122.25 A → 104.18.124.25 |
HTTPS Traffic
The following HTTPS traffic was generated during container analysis| ⤴ 3.218.162.19 | GET /v2/ HTTP/1.1 |
| Host: | registry-1.docker.io |
| Remote IP: | 3.218.162.19 |
| Accept-Encoding: | gzip |
| User-Agent: | docker/19.03.5 go/go1.12.12 git-commit/633a0ea838 kernel/4.4.0-142-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\)) |
| Connection: | close |
| ⤶ 3.218.162.19 | HTTP/1.1 401 Unauthorized |
| Remote IP: | 3.218.162.19 |
| Content-Type: | application/json |
| Content-Length: | 87 bytes |
| Connection: | close |
Data: 65 22 3A 22 55 4E 41 55 54 48 4F 52 49 5A 45 44 e":"UNAUTHORIZED 22 2C 22 6D 65 73 73 61 67 65 22 3A 22 61 75 74 ","message":"aut 68 65 6E 74 69 63 61 74 69 6F 6E 20 72 65 71 75 hentication requ | |
| ⤴ 52.72.232.213 | GET /token?scope=repository%3Awidoc26117%2Fxmr%3Apull&service=registry.docker.io HTTP/1.1 |
| Host: | auth.docker.io |
| Remote IP: | 52.72.232.213 |
| Accept-Encoding: | gzip |
| User-Agent: | docker/19.03.5 go/go1.12.12 git-commit/633a0ea838 kernel/4.4.0-142-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\)) |
| Connection: | close |
| ⤶ 52.72.232.213 | HTTP/1.1 200 OK |
| Remote IP: | 52.72.232.213 |
| Content-Type: | application/json |
| Connection: | close |
Data: 63 69 4F 69 4A 53 55 7A 49 31 4E 69 49 73 49 6E ciOiJSUzI1NiIsIn 52 35 63 43 49 36 49 6B 70 58 56 43 49 73 49 6E R5cCI6IkpXVCIsIn 67 31 59 79 49 36 57 79 4A 4E 53 55 6C 44 4B 31 g1YyI6WyJNSUlDK1 | |
| ⤴ 52.1.121.53 | GET /v2/widoc26117/xmr/manifests/pro06 HTTP/1.1 |
| Host: | registry-1.docker.io |
| Remote IP: | 52.1.121.53 |
| Accept: | application/vnd.docker.distribution.manifest.v1+prettyjws, application/json, application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.image.manifest.v1+json |
| Accept-Encoding: | gzip |
| User-Agent: | docker/19.03.5 go/go1.12.12 git-commit/633a0ea838 kernel/4.4.0-142-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\)) |
| Connection: | close |
| ⤶ 52.1.121.53 | HTTP/1.1 200 OK |
| Remote IP: | 52.1.121.53 |
| Content-Type: | application/vnd.docker.distribution.manifest.v2+json |
| Content-Length: | 1,153 bytes |
| Connection: | close |
Data: 69 6F 6E 22 3A 20 32 2C 0A 20 20 20 22 6D 65 64 ion": 2,. "med 69 61 54 79 70 65 22 3A 20 22 61 70 70 6C 69 63 iaType": "applic 61 74 69 6F 6E 2F 76 6E 64 2E 64 6F 63 6B 65 72 ation/vnd.docker | |
| ⤴ 52.1.121.53 | GET /v2/widoc26117/xmr/blobs/sha256:cdd9655e64246e3ada03344b40606a3538bb149bc274c83b4541e66cabe6930c HTTP/1.1 |
| Host: | registry-1.docker.io |
| Remote IP: | 52.1.121.53 |
| Accept-Encoding: | identity |
| User-Agent: | docker/19.03.5 go/go1.12.12 git-commit/633a0ea838 kernel/4.4.0-142-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\)) |
| Connection: | close |
| ⤴ 3.223.220.229 | GET /v2/widoc26117/xmr/blobs/sha256:df2a07dde049eb661b0e3c16ea9e487555d6c86d8b7ddcc3d6e2835dd1157dac HTTP/1.1 |
| Host: | registry-1.docker.io |
| Remote IP: | 3.223.220.229 |
| Accept-Encoding: | identity |
| User-Agent: | docker/19.03.5 go/go1.12.12 git-commit/633a0ea838 kernel/4.4.0-142-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\)) |
| Connection: | close |
| ⤴ 52.1.121.53 | GET /v2/widoc26117/xmr/blobs/sha256:cbdbe7a5bc2a134ca8ec91be58565ec07d037386d1f1d8385412d224deafca08 HTTP/1.1 |
| Host: | registry-1.docker.io |
| Remote IP: | 52.1.121.53 |
| Accept-Encoding: | identity |
| User-Agent: | docker/19.03.5 go/go1.12.12 git-commit/633a0ea838 kernel/4.4.0-142-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\)) |
| Connection: | close |
| ⤴ 18.213.137.78 | GET /v2/widoc26117/xmr/blobs/sha256:fd1815ba61bfb6572b2233a206d6863583ff6437e5bc618f6a2bc9e910285be7 HTTP/1.1 |
| Host: | registry-1.docker.io |
| Remote IP: | 18.213.137.78 |
| Accept-Encoding: | identity |
| User-Agent: | docker/19.03.5 go/go1.12.12 git-commit/633a0ea838 kernel/4.4.0-142-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\)) |
| Connection: | close |
| ⤶ 52.1.121.53 | HTTP/1.1 307 Temporary Redirect |
| Remote IP: | 52.1.121.53 |
| Content-Type: | application/octet-stream |
| Content-Length: | 0 bytes |
| Connection: | close |
| Location: | https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/cd/cdd9655e64246e3ada03344b40606a3538bb149bc274c83b4541e66cabe6930c/data?verify=1597786702-51i8LFEbVCcJ%2B4tUEYQS7wkAl5o%3D |
| ⤶ 18.213.137.78 | HTTP/1.1 307 Temporary Redirect |
| Remote IP: | 18.213.137.78 |
| Content-Type: | application/octet-stream |
| Content-Length: | 0 bytes |
| Connection: | close |
| Location: | https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/fd/fd1815ba61bfb6572b2233a206d6863583ff6437e5bc618f6a2bc9e910285be7/data?verify=1597786702-LOaFYnb3t7n4p0pPKnGJzdth9rM%3D |
| ⤶ 52.1.121.53 | HTTP/1.1 307 Temporary Redirect |
| Remote IP: | 52.1.121.53 |
| Content-Type: | application/octet-stream |
| Content-Length: | 0 bytes |
| Connection: | close |
| Location: | https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/cb/cbdbe7a5bc2a134ca8ec91be58565ec07d037386d1f1d8385412d224deafca08/data?verify=1597786702-UO81QkCfN071CdN7FowItfbdR78%3D |
| ⤶ 3.223.220.229 | HTTP/1.1 307 Temporary Redirect |
| Remote IP: | 3.223.220.229 |
| Content-Type: | application/octet-stream |
| Content-Length: | 0 bytes |
| Connection: | close |
| Location: | https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/df/df2a07dde049eb661b0e3c16ea9e487555d6c86d8b7ddcc3d6e2835dd1157dac/data?verify=1597786702-Xl2kGn3LQgckuq2fQjX9hj3etWE%3D |
| ⤴ 104.18.121.25 | GET /registry-v2/docker/registry/v2/blobs/sha256/df/df2a07dde049eb661b0e3c16ea9e487555d6c86d8b7ddcc3d6e2835dd1157dac/data?verify=1597786702-Xl2kGn3LQgckuq2fQjX9hj3etWE%3D HTTP/1.1 |
| Host: | production.cloudflare.docker.com |
| Remote IP: | 104.18.121.25 |
| Accept-Encoding: | identity |
| User-Agent: | docker/19.03.5 go/go1.12.12 git-commit/633a0ea838 kernel/4.4.0-142-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\)) |
| Connection: | close |
| ⤶ 104.18.121.25 | HTTP/1.1 200 OK |
| Remote IP: | 104.18.121.25 |
| Server: | cloudflare |
| Content-Type: | application/octet-stream |
| Content-Length: | 3,358,350 bytes |
| Connection: | close |
Data: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |
| ⤴ 104.18.125.25 | GET /registry-v2/docker/registry/v2/blobs/sha256/cd/cdd9655e64246e3ada03344b40606a3538bb149bc274c83b4541e66cabe6930c/data?verify=1597786702-51i8LFEbVCcJ%2B4tUEYQS7wkAl5o%3D HTTP/1.1 |
| Host: | production.cloudflare.docker.com |
| Remote IP: | 104.18.125.25 |
| Accept-Encoding: | identity |
| User-Agent: | docker/19.03.5 go/go1.12.12 git-commit/633a0ea838 kernel/4.4.0-142-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\)) |
| Connection: | close |
| ⤴ 104.18.121.25 | GET /registry-v2/docker/registry/v2/blobs/sha256/fd/fd1815ba61bfb6572b2233a206d6863583ff6437e5bc618f6a2bc9e910285be7/data?verify=1597786702-LOaFYnb3t7n4p0pPKnGJzdth9rM%3D HTTP/1.1 |
| Host: | production.cloudflare.docker.com |
| Remote IP: | 104.18.121.25 |
| Accept-Encoding: | identity |
| User-Agent: | docker/19.03.5 go/go1.12.12 git-commit/633a0ea838 kernel/4.4.0-142-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\)) |
| Connection: | close |
| ⤴ 104.18.124.25 | GET /registry-v2/docker/registry/v2/blobs/sha256/cb/cbdbe7a5bc2a134ca8ec91be58565ec07d037386d1f1d8385412d224deafca08/data?verify=1597786702-UO81QkCfN071CdN7FowItfbdR78%3D HTTP/1.1 |
| Host: | production.cloudflare.docker.com |
| Remote IP: | 104.18.124.25 |
| Accept-Encoding: | identity |
| User-Agent: | docker/19.03.5 go/go1.12.12 git-commit/633a0ea838 kernel/4.4.0-142-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\)) |
| Connection: | close |
| ⤶ 104.18.125.25 | HTTP/1.1 200 OK |
| Remote IP: | 104.18.125.25 |
| Server: | cloudflare |
| Content-Type: | application/octet-stream |
| Content-Length: | 842 bytes |
| Connection: | close |
Data: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |
| ⤶ 104.18.121.25 | HTTP/1.1 200 OK |
| Remote IP: | 104.18.121.25 |
| Server: | cloudflare |
| Content-Type: | application/octet-stream |
| Content-Length: | 2,380 bytes |
| Connection: | close |
Data: 22 61 6D 64 36 34 22 2C 22 63 6F 6E 66 69 67 22 "amd64","config" 3A 7B 22 48 6F 73 74 6E 61 6D 65 22 3A 22 22 2C :{"Hostname":"", 22 44 6F 6D 61 69 6E 6E 61 6D 65 22 3A 22 22 2C "Domainname":"", | |
| ⤶ 104.18.124.25 | HTTP/1.1 200 OK |
| Remote IP: | 104.18.124.25 |
| Server: | cloudflare |
| Content-Type: | application/octet-stream |
| Content-Length: | 2,813,316 bytes |
| Connection: | close |
Data: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |
| ⤴ 52.1.121.53 | GET /v2/widoc26117/xmr/blobs/sha256:969f74c4d9f4d5505b2138f426c062bdb0f9a38a91d3babf0a7f989fea657f34 HTTP/1.1 |
| Host: | registry-1.docker.io |
| Remote IP: | 52.1.121.53 |
| Accept-Encoding: | identity |
| User-Agent: | docker/19.03.5 go/go1.12.12 git-commit/633a0ea838 kernel/4.4.0-142-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\)) |
| Connection: | close |
| ⤶ 52.1.121.53 | HTTP/1.1 307 Temporary Redirect |
| Remote IP: | 52.1.121.53 |
| Content-Type: | application/octet-stream |
| Content-Length: | 0 bytes |
| Connection: | close |
| Location: | https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/96/969f74c4d9f4d5505b2138f426c062bdb0f9a38a91d3babf0a7f989fea657f34/data?verify=1597786704-g%2B0ozpc40z%2B9oSVZwQBJCwyg%2FJs%3D |
| ⤴ 104.18.125.25 | GET /registry-v2/docker/registry/v2/blobs/sha256/96/969f74c4d9f4d5505b2138f426c062bdb0f9a38a91d3babf0a7f989fea657f34/data?verify=1597786704-g%2B0ozpc40z%2B9oSVZwQBJCwyg%2FJs%3D HTTP/1.1 |
| Host: | production.cloudflare.docker.com |
| Remote IP: | 104.18.125.25 |
| Accept-Encoding: | identity |
| User-Agent: | docker/19.03.5 go/go1.12.12 git-commit/633a0ea838 kernel/4.4.0-142-generic os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \(linux\)) |
| Connection: | close |
| ⤶ 104.18.125.25 | HTTP/1.1 200 OK |
| Remote IP: | 104.18.125.25 |
| Server: | cloudflare |
| Content-Type: | application/octet-stream |
| Content-Length: | 182 bytes |
| Connection: | close |
Data: 74 2E 73 68 00 00 00 00 00 00 00 00 00 00 00 00 t.sh............ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |
Terminal Output
Standard output (STDOUT) from the executed container
- * ABOUT C3XMRig/5.11.2-c3 gcc/7.5.0
- * LIBS libuv/1.18.0 OpenSSL/1.1.1 hwloc/2.0.4
- * HUGE PAGES supported
- * 1GB PAGES unavailable
- * CPU Intel(R) Xeon(R) CPU (2) x64 AES
- L2:8.0 MB L3:0.0 MB 2C/2T NUMA:1
- * MEMORY 2.7/7.8 GB (34%)
- * DONATE 1%
- * ASSEMBLY auto:intel
- * POOL #1 118.190.200.162:3333 algo auto
- * COMMANDS hashrate, pause, resume
- * OPENCL disabled
- * CUDA disabled
- [2020-08-18 20:44:38.577] >>>>> STARTING ALGO PERFORMANCE CALIBRATION (with 10 seconds round)
- [2020-08-18 20:44:38.579] cpu use argon2 implementation AVX-512F
- [2020-08-18 20:44:38.580] cpu use profile argon2 (2 threads) scratchpad 512 KB
- [2020-08-18 20:44:38.608] cpu READY threads 2/2 (2) huge pages 0% 0/2 memory 1024 KB (27 ms)
- [2020-08-18 20:44:38.793] ===> Starting benchmark of argon2/chukwa algo
- [2020-08-18 20:44:48.795] ===> argon2/chukwa hasrate: 3489.502197
- [2020-08-18 20:44:48.802] cpu stopped (4 ms)
- [2020-08-18 20:44:48.812] msr msr kernel module is not available
- [2020-08-18 20:44:48.814] rx init dataset algo rx/0 (2 threads) seed 0000000000000000...
- [2020-08-18 20:44:48.815] rx failed to allocate RandomX dataset using 1GB pages
- [2020-08-18 20:44:48.816] rx allocated 2336 MB (2080+256) huge pages 0% 0/1168 +JIT (2 ms)
- [2020-08-18 20:45:13.393] rx dataset ready (24576 ms)
- [2020-08-18 20:45:13.393] cpu use profile rx (2 threads) scratchpad 2048 KB
- [2020-08-18 20:45:13.430] cpu READY threads 2/2 (2) huge pages 0% 0/2 memory 4096 KB (36 ms)
- [2020-08-18 20:45:13.532] ===> Starting benchmark of rx/0 algo
- [2020-08-18 20:45:23.543] ===> rx/0 hasrate: 493.656952
- [2020-08-18 20:45:23.555] cpu stopped (12 ms)
- [2020-08-18 20:45:23.558] rx init dataset algo rx/wow (2 threads) seed 0000000000000000...
- [2020-08-18 20:45:38.663] speed 10s/60s/15m n/a n/a n/a H/s max n/a H/s
- [2020-08-18 20:45:39.426] rx dataset ready (15866 ms)
- [2020-08-18 20:45:39.428] cpu use profile rx/wow (2 threads) scratchpad 1024 KB
- [2020-08-18 20:45:39.461] cpu READY threads 2/2 (2) huge pages 0% 0/2 memory 2048 KB (32 ms)
- [2020-08-18 20:45:39.510] ===> Starting benchmark of rx/wow algo
- [2020-08-18 20:45:49.515] ===> rx/wow hasrate: 532.433838
- [2020-08-18 20:45:49.519] cpu stopped (3 ms)
- [2020-08-18 20:45:49.519] rx init dataset algo defyx (2 threads) seed 0000000000000000...
- [2020-08-18 20:45:50.453] rx dataset ready (933 ms)
- [2020-08-18 20:45:50.454] cpu use profile defyx (2 threads) scratchpad 256 KB
- [2020-08-18 20:45:50.491] cpu READY threads 2/2 (2) huge pages 0% 0/2 memory 512 KB (36 ms)
- [2020-08-18 20:45:50.583] ===> Starting benchmark of defyx algo
- [2020-08-18 20:46:00.595] ===> defyx hasrate: 517.379150
- [2020-08-18 20:46:00.599] cpu stopped (2 ms)
- [2020-08-18 20:46:00.600] rx init dataset algo rx/arq (2 threads) seed 0000000000000000...
- [2020-08-18 20:46:17.648] rx dataset ready (17045 ms)
- [2020-08-18 20:46:17.651] cpu use profile rx/wow (2 threads) scratchpad 256 KB
- [2020-08-18 20:46:17.674] cpu READY threads 2/2 (2) huge pages 0% 0/2 memory 512 KB (23 ms)
- [2020-08-18 20:46:17.692] ===> Starting benchmark of rx/arq algo
- [2020-08-18 20:46:27.695] ===> rx/arq hasrate: 2000.699707
- [2020-08-18 20:46:27.705] cpu stopped (7 ms)
- [2020-08-18 20:46:27.707] cpu use profile cn (2 threads) scratchpad 2048 KB
- [2020-08-18 20:46:28.386] cpu READY threads 2/2 (2) huge pages 0% 0/2 memory 4096 KB (679 ms)
- [2020-08-18 20:46:28.435] ===> Starting benchmark of cn/r algo
- [2020-08-18 20:46:38.449] ===> cn/r hasrate: 80.395485
- [2020-08-18 20:46:38.751] speed 10s/60s/15m 88.7 n/a n/a H/s max 88.7 H/s
- [2020-08-18 20:46:38.768] ===> Starting benchmark of cn/gpu algo
- [2020-08-18 20:46:50.140] ===> cn/gpu hasrate: 9.233205
- [2020-08-18 20:46:50.297] cpu stopped (155 ms)
- [2020-08-18 20:46:50.297] cpu use profile cn-lite (2 threads) scratchpad 1024 KB
- [2020-08-18 20:46:50.334] cpu READY threads 2/2 (2) huge pages 0% 0/2 memory 2048 KB (37 ms)
- [2020-08-18 20:46:50.427] ===> Starting benchmark of cn-lite/1 algo
- [2020-08-18 20:47:00.428] ===> cn-lite/1 hasrate: 255.474442
- [2020-08-18 20:47:00.433] cpu stopped (3 ms)
- [2020-08-18 20:47:00.435] cpu use profile cn-heavy (2 threads) scratchpad 4096 KB
- [2020-08-18 20:47:00.571] cpu READY threads 2/2 (2) huge pages 0% 0/4 memory 8192 KB (137 ms)
- [2020-08-18 20:47:00.691] ===> Starting benchmark of cn-heavy/tube algo
- [2020-08-18 20:47:10.693] ===> cn-heavy/tube hasrate: 67.186562
- [2020-08-18 20:47:10.739] cpu stopped (46 ms)
- [2020-08-18 20:47:10.739] cpu use profile cn-pico (2 threads) scratchpad 256 KB
- [2020-08-18 20:47:10.771] cpu READY threads 2/2 (4) huge pages 0% 0/2 memory 1024 KB (31 ms)
- [2020-08-18 20:47:10.781] ===> Starting benchmark of cn-pico algo
- [2020-08-18 20:47:20.783] ===> cn-pico hasrate: 1593.421875
- [2020-08-18 20:47:20.789] cpu stopped (6 ms)
- [2020-08-18 20:47:20.789] cpu use profile astrobwt (2 threads) scratchpad 20480 KB
- [2020-08-18 20:47:20.921] cpu READY threads 2/2 (2) huge pages 0% 0/20 memory 40960 KB (132 ms)
- [2020-08-18 20:47:20.941] ===> Starting benchmark of astrobwt algo
- [2020-08-18 20:47:30.955] ===> astrobwt hasrate: 99.960060
- [2020-08-18 20:47:30.976] configuration saved to: "/config.json"
- [2020-08-18 20:47:31.437] net use pool 118.190.200.162:3333 118.190.200.162
- [2020-08-18 20:47:31.438] net new job from 118.190.200.162:3333 diff 61753 algo rx/0 height 2167371
- [2020-08-18 20:47:31.582] cpu stopped (144 ms)
- [2020-08-18 20:47:31.730] msr msr kernel module is not available
- [2020-08-18 20:47:31.731] rx init dataset algo rx/0 (2 threads) seed 47fd6767dbeae711...
- [2020-08-18 20:47:38.860] speed 10s/60s/15m n/a n/a n/a H/s max n/a H/s
Created Files
The following files were created during container analysis
| Filename | File Size | SHA-256 | Scan Result |
|---|---|---|---|
| /xmrig | 7.4 MB | d5aa7968369eecb33ae14c5bb015f0635c31a8a4c6fb130b85570730daa6b47f | Multios.Coinminer.Miner-6781728-2 |
| /etc/securetty | 65 bytes | b8c0476e6ba1fcb82449441af35eccae25c1b435c9515051fb68fe964cf720f6 | Clean |
| /usr/bin/getconf | 37 kB | 2cbd7849cda64fefb1d5a6b86bfbcb0b2bea3d3af70b047a63964ab2f59898d4 | Clean |
| /usr/share/udhcpc/default.script | 3 kB | b2c51ae1e0de665a4b32c400a76deff7d5fbaccf8b02cc8d0a345e31fac04a2b | Clean |
| /config.json | 4 kB | c5f92c1e718548f482a6f5a3f45f644bcbb11679e51268acd7c116808ade70e3 | Clean |
| /etc/modprobe.d/aliases.conf | 2 kB | 3ebaba946f213670170c7d69949f690a3854553bd0b1560f1d980cba4c83a942 | Clean |
| /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub | 451 bytes | 780b3ed41786772cbc7b68136546fa3f897f28a23b30c72dde6225319c44cfff | Clean |
| /etc/os-release | 164 bytes | b02a04e39b92cfab7a42d7faf0e958fcd9a779e8e8eda85bd46c40b53de834a0 | Clean |
| /etc/sysctl.conf | 53 bytes | 8bba47da45bc8715c69ac904a60410eabffaa7bbbef640f9c1368ab9c48493d0 | Clean |
| /etc/profile.d/color_prompt | 295 bytes | a00b56dbd437d3f2c32ced50974daa3cfc84a8dd1cbaf75cf307be20b398fc75 | Clean |
| /etc/apk/arch | 7 bytes | aaf631698ae5160ceb04a97681a14887fdcab47cd6e0f163c87485b3b1340b62 | Clean |
| /usr/lib/engines-1.1/padlock.so | 26 kB | 76bba1f61f44ec84a7767071f0b97352d2f5c3fd321ca5b1e203eeafee3536fc | Clean |
| /usr/lib/engines-1.1/capi.so | 14 kB | 3fcc9f3980035f148cfd9a324ff7a72ff4adc3e33f1e6733cfc6b56c035c5849 | Clean |
| /etc/apk/repositories | 101 bytes | 4c942cd128725a0d53b6c4c4273c830e5f35c7d4aae42f6aed23f373f16109db | Clean |
| /lib/libssl.so.1.1 | 511 kB | 64186ee5271fbcde6f2034d6edc5aab4a9c9db6833294914f721f999edc472b4 | Clean |
| /etc/hosts | 79 bytes | e3998dbe02b51dada33de87ae43d18a93ab6915b9e34f5a751bf2b9b25a55492 | Clean |
| /lib/apk/db/installed | 11 kB | 99e35528c0d651039479bd61c60997b803eaaa6a115318e16a5314354c5ffb11 | Clean |
| /etc/modprobe.d/blacklist.conf | 2 kB | 2e2a6fd7a554924bbb5cbdd30f73dc05963fe0c458437b520cf4d503d4d73ff7 | Clean |
| /sbin/mkmntdirs | 14 kB | 964ef61a33d479174c125ab0fb7484c8f202da0d076838a74ba691ed5fc00f39 | Clean |
| /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub /etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub |
451 bytes | ebf31683b56410ecc4c00acd9f6e2839e237a3b62b5ae7ef686705c7ba0396a9 | Clean |
| /etc/alpine-release | 7 bytes | 9fef4c18f0a3bd5573470ac8a23a7afb8b62dc3870d8f5b53967e15a0ff394bc | Clean |
| /lib/apk/db/triggers | 76 bytes | c327609b78b5ba4d61a7c0e0079a0735f073f60d97cf15972d3f04ce65a2160d | Clean |
| /etc/services | 35 kB | e96af627f7774e8c87b0de843556a355fea6150c4d64fa4e2ff2c5fd610e7a79 | Clean |
| /sbin/ldconfig | 393 bytes | b4a2c06db38742e8c42c3c9838b285a7d8cdac6c091ff3df5ff9a15f1e41b9c7 | Clean |
| /etc/network/if-up.d/dad | 218 bytes | eadec0a3e18ef58316d8657c6e42b6f4d35d26de52d19cfeb3d3a256622c955b | Clean |
| /etc/issue | 54 bytes | ae90fc1b65b1a6fea28769202f3b1aa28f46f0cf3362c392ac4fc8b54017c411 | Clean |
| /usr/lib/libtls-standalone.so.1.0.0 | 94 kB | 5eb381f81fe55cbfa92dfa741de6760250bb3405f0d6eb8a4e3b944f34a99d40 | Clean |
| /etc/protocols | 2 kB | a6695dbd53b87c7b41dfdafd40b1c8ba34fed2f0fa8eaaa296ad17c0b154603e | Clean |
| /etc/ssl/cert.pem | 227 kB | 4132ff4ff1b720bcacbd19c3450fdd59d2906cf3cc75f1cb06c7399ece47a209 | Clean |
| /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub /etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub |
451 bytes | 12f899e55a7691225603d6fb3324940fc51cd7f133e7ead788663c2b7eecb00c | Clean |
| /lib/libz.so.1.2.11 | 98 kB | 7b5bc56bc5c8423cf56e777fe9b14133fb1ebc70e5ae801115072df320bd5416 | Clean |
| /etc/profile | 238 bytes | 88dc4b847ee3ca91501b025dee3ff49590a85360a20e90a5e0f1a37bd610f598 | Clean |
| /etc/inittab | 570 bytes | 54a5f36970125bf70cdf7b215c9e12a287d92ad76a693bd72aec4cbc5645df87 | Clean |
| /lib/ld-musl-x86_64.so.1 | 583 kB | 4d1b97ff9b02930b7b80a4e8712c3144365bae85148137d1393dfd11d06608d4 | Clean |
| /bin/busybox | 822 kB | 0a9d95356c44e32507575a2e7d0fcde1355688c6d9e68735d29ccea32d86bcf5 | Clean |
| /usr/lib/engines-1.1/afalg.so | 22 kB | 2273f6ad398adab94520fdaf4f46d83205fcb4c1f17a244225203343f10071b6 | Clean |
| /etc/hostname | 10 bytes | d906aecb61d076a967d9ffe8821c7b04b063f72df9d9e35b33ef36b1c0d98f16 | Clean |
| /etc/group | 682 bytes | 412af628e00706d3c90a5d465d59cc422ff68d79eeb8870c4f33ed6df04b2871 | Clean |
| /etc/crontabs/root | 283 bytes | 575d810a9fae5f2f0671c9b2c0ce973e46c7207fbe5cb8d1b0d1836a6a0470e3 | Clean |
| /etc/modules | 15 bytes | 2c881de75a5409c35d2433a24f180b8b02ba478ef2c1c60ea3434a35bcbc335d | Clean |
| /lib/libcrypto.so.1.1 | 2.5 MB | 58713fb6a34d65889d9a1e333e109a068532b32a7750eb6b02ff42d721974fec | Clean |
| /etc/sysctl.d/00-alpine.conf | 1 kB | 7d11e1fb448b04837d13f36cd3215f7bf8884e6511a3e0f5176973568639d5d0 | Clean |
| /etc/shadow | 422 bytes | 2d6f677c66af468f483597fbaa53dbe7150eb925a111c2da25c96220915c6a1a | Clean |
| /etc/ssl/misc/CA.pl | 7 kB | 61ab95f7e96f2b0f2acdcafb8afde2f6c43e899416397230c2fae9c1e701e45b | Clean |
| /usr/bin/ldd | 52 bytes | 9a49c2541a439be89f1ef1496604ef3b607f460d589877c60775acf74cdb5dfb | Clean |
| /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub /etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub |
451 bytes | 9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 | Clean |
| /etc/profile.d/locale | 40 bytes | 9c6b1360864c4f43707e0d9f32d5e035c94acfde948190bf52d2f9a2c1b58fb3 | Clean |
| /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub | 451 bytes | 9a4cd858d9710963848e6d5f555325dc199d1c952b01cf6e64da2c15deedbd97 | Clean |
| /etc/passwd | 1 kB | 2e0902cf0a7f64bf4e64ef2fad66ae977b4d01975dddf5352a84aea5c4e901f0 | Clean |
| /config.json | 2 kB | 107ca79e3e9d3d43b8049ea3e0ea28d37396243f0d76dba9cb63cf71b9a1f378 | Clean |
| /usr/bin/getent | 52 kB | 2ebc70a0c3d723d2728d59692dcaeee03a37112ba89c29c20c30c1454c10afee | Clean |
| /etc/fstab | 89 bytes | a3efca2e8d62785c87517283092b4c800d88612b6f3f06b80a4c2f39d8e68841 | Clean |
| /etc/apk/world | 59 bytes | 713e3907167dce202d7c16034831af3d670191382a3e9026e0ac0a4023013201 | Clean |
| /etc/motd | 283 bytes | 4ada0c700c4460f85252987092650c6708f17b4ccebc9ae4fcf8732089a1485f | Clean |
| /etc/modprobe.d/kms.conf | 91 bytes | 50467fa732f809f3a2bb5738628765c5f895c3a237e1c1ad09f85d41fd9ca7c5 | Clean |
| /usr/bin/iconv | 26 kB | 9a2d92fbe58d8feb96697ceb9453ec6b499135ee8065f756f536517d3dbac311 | Clean |
| /etc/logrotate.d/acpid | 140 bytes | d608a3b7715886b5735def0cc50a6359fd364fac2e0e0a459c588c04be471031 | Clean |
| /etc/shells | 38 bytes | 24be6ceb236610df45684c83b06c918ae45635be55f69975e43676b7595bbc5f | Clean |
| /docker-entrypoint.sh | 74 bytes | ac06e3425124a252361d42a43816ab4070e6f40f5fec3cb27e1b0fe69fdeaf5b | Clean |
| /etc/ssl/misc/tsget.pl | 6 kB | ff68a9e8bc3fd0a36fe8f7dbc13f89816333b59197e4a5d4b88a627174058583 | Clean |
| /usr/bin/ssl_client | 14 kB | 0e8fc139464adfca53a2de83ceb20c8955159fce05ee56ac5bee4228e11b04ae | Clean |
| /usr/bin/scanelf | 78 kB | 4d6b5a467bc5e711d3162a28dce8845ff9ae55cb40759d3da60bdc3210467834 | Clean |
| /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub | 451 bytes | 1bb2a846c0ea4ca9d0e7862f970863857fc33c32f5506098c636a62a726a847b | Clean |
| /sbin/apk | 206 kB | 32589d7972aab10af71a52b1f75ba3e4c2473a460d597707bc4c9edff1bcf0c5 | Clean |
| /etc/ssl/openssl.cnf.dist /etc/ssl/openssl.cnf |
11 kB | f10ba64917b4458fafc1e078c2eb9e6a7602e68fc98c2e9e6df5e1636ae27d6b | Clean |
| /etc/ssl/ct_log_list.cnf.dist /etc/ssl/ct_log_list.cnf |
412 bytes | f1c1803d13d1d0b755b13b23c28bd4e20e07baf9f2b744c9337ba5866aa0ec3b | Clean |
| /usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub | 451 bytes | 73867d92083f2f8ab899a26ccda7ef63dfaa0032a938620eda605558958a8041 | Clean |
| /etc/udhcpd.conf | 5 kB | edf929b3bf6da1fbde03687020739ee97a9a3edc825db6b768e3e2ce08ebbdd3 | Clean |
| /etc/modprobe.d/i386.conf | 122 bytes | 6c46c4cbfb8b7594f19eb94801a350fa2221ae9ac5239a8819d15555caa76ae8 | Clean |
| /lib/apk/db/scripts.tar | 10 kB | e6c6116f4fe0481b5b094f3b11ed0557fcf890e7b1051519df28c83f7b3ee6bd | Clean |
| Filename |
|---|
| /lib/apk/db/lock |
| Symbolic Link | Target | |
|---|---|---|
| /usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub | → | ../alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub |
| /usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub | → | ../alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub |
| /usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub | → | ../alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub |
| /usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub | → | ../alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub |
| /usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub | → | ../alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub |
| /usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub | → | ../alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub |
| /usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub | → | ../alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub |
| /usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub | → | ../alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub |
| /usr/lib/libtls-standalone.so.1 | → | libtls-standalone.so.1.0.0 |
| /usr/lib/libcrypto.so.1.1 | → | ../../lib/libcrypto.so.1.1 |
| /usr/lib/libssl.so.1.1 | → | ../../lib/libssl.so.1.1 |
| /usr/sbin/readprofile | → | /bin/busybox |
| /usr/sbin/delgroup | → | /bin/busybox |
| /usr/sbin/nbd-client | → | /bin/busybox |
| /usr/sbin/brctl | → | /bin/busybox |
| /usr/sbin/powertop | → | /bin/busybox |
| /usr/sbin/ether-wake | → | /bin/busybox |
| /usr/sbin/chpasswd | → | /bin/busybox |
| /usr/sbin/setfont | → | /bin/busybox |
| /usr/sbin/sendmail | → | /bin/busybox |
| /usr/sbin/readahead | → | /bin/busybox |
| /usr/sbin/fdformat | → | /bin/busybox |
| /usr/sbin/ntpd | → | /bin/busybox |
| /usr/sbin/crond | → | /bin/busybox |
| /usr/sbin/deluser | → | /bin/busybox |
| /usr/sbin/adduser | → | /bin/busybox |
| /usr/sbin/addgroup | → | /bin/busybox |
| /usr/sbin/lspci | → | /bin/busybox |
| /usr/sbin/nanddump | → | /bin/busybox |
| /usr/sbin/chroot | → | /bin/busybox |
| /usr/sbin/rdate | → | /bin/busybox |
| /usr/sbin/partprobe | → | /bin/busybox |
| /usr/sbin/loadfont | → | /bin/busybox |
| /usr/sbin/setlogcons | → | /bin/busybox |
| /usr/sbin/remove-shell | → | /bin/busybox |
| /usr/sbin/arping | → | /bin/busybox |
| /usr/sbin/nandwrite | → | /bin/busybox |
| /usr/sbin/rfkill | → | /bin/busybox |
| /usr/sbin/add-shell | → | /bin/busybox |
| /usr/sbin/rdev | → | /bin/busybox |
| /usr/sbin/killall5 | → | /bin/busybox |
| /usr/sbin/fbset | → | /bin/busybox |
| /usr/bin/cal | → | /bin/busybox |
| /usr/bin/logger | → | /bin/busybox |
| /usr/bin/nslookup | → | /bin/busybox |
| /usr/bin/find | → | /bin/busybox |
| /usr/bin/free | → | /bin/busybox |
| /usr/bin/split | → | /bin/busybox |
| /usr/bin/xzcat | → | /bin/busybox |
| /usr/bin/expand | → | /bin/busybox |
| /usr/bin/smemcap | → | /bin/busybox |
| /usr/bin/pgrep | → | /bin/busybox |
| /usr/bin/ipcrm | → | /bin/busybox |
| /usr/bin/dirname | → | /bin/busybox |
| /usr/bin/which | → | /bin/busybox |
| /usr/bin/lsusb | → | /bin/busybox |
| /usr/bin/mkfifo | → | /bin/busybox |
| /usr/bin/pkill | → | /bin/busybox |
| /usr/bin/hd | → | /bin/busybox |
| /usr/bin/[[ | → | /bin/busybox |
| /usr/bin/ipcs | → | /bin/busybox |
| /usr/bin/uptime | → | /bin/busybox |
| /usr/bin/tr | → | /bin/busybox |
| /usr/bin/id | → | /bin/busybox |
| /usr/bin/udhcpc6 | → | /bin/busybox |
| /usr/bin/timeout | → | /bin/busybox |
| /usr/bin/ttysize | → | /bin/busybox |
| /usr/bin/chvt | → | /bin/busybox |
| /usr/bin/hexdump | → | /bin/busybox |
| /usr/bin/bunzip2 | → | /bin/busybox |
| /usr/bin/unlink | → | /bin/busybox |
| /usr/bin/groups | → | /bin/busybox |
| /usr/bin/sum | → | /bin/busybox |
| /usr/bin/bzip2 | → | /bin/busybox |
| /usr/bin/sha256sum | → | /bin/busybox |
| /usr/bin/unzip | → | /bin/busybox |
| /usr/bin/comm | → | /bin/busybox |
| /usr/bin/nl | → | /bin/busybox |
| /usr/bin/fold | → | /bin/busybox |
| /usr/bin/[ | → | /bin/busybox |
| /usr/bin/printf | → | /bin/busybox |
| /usr/bin/basename | → | /bin/busybox |
| /usr/bin/less | → | /bin/busybox |
| /usr/bin/openvt | → | /bin/busybox |
| /usr/bin/pmap | → | /bin/busybox |
| /usr/bin/mesg | → | /bin/busybox |
| /usr/bin/tac | → | /bin/busybox |
| /usr/bin/blkdiscard | → | /bin/busybox |
| /usr/bin/lsof | → | /bin/busybox |
| /usr/bin/uniq | → | /bin/busybox |
| /usr/bin/cksum | → | /bin/busybox |
| /usr/bin/unshare | → | /bin/busybox |
| /usr/bin/shuf | → | /bin/busybox |
| /usr/bin/eject | → | /bin/busybox |
| /usr/bin/realpath | → | /bin/busybox |
| /usr/bin/factor | → | /bin/busybox |
| /usr/bin/setkeycodes | → | /bin/busybox |
| /usr/bin/uuencode | → | /bin/busybox |
| /usr/bin/vi | → | /bin/busybox |
| /usr/bin/unix2dos | → | /bin/busybox |
| /usr/bin/fallocate | → | /bin/busybox |
| /usr/bin/wc | → | /bin/busybox |
| /usr/bin/passwd | → | /bin/busybox |
| /usr/bin/beep | → | /bin/busybox |
| /usr/bin/nc | → | /bin/busybox |
| /usr/bin/lzcat | → | /bin/busybox |
| /usr/bin/volname | → | /bin/busybox |
| /usr/bin/unxz | → | /bin/busybox |
| /usr/bin/sort | → | /bin/busybox |
| /usr/bin/sha512sum | → | /bin/busybox |
| /usr/bin/sha3sum | → | /bin/busybox |
| /usr/bin/renice | → | /bin/busybox |
| /usr/bin/whois | → | /bin/busybox |
| /usr/bin/yes | → | /bin/busybox |
| /usr/bin/lzma | → | /bin/busybox |
| /usr/bin/whoami | → | /bin/busybox |
| /usr/bin/killall | → | /bin/busybox |
| /usr/bin/vlock | → | /bin/busybox |
| /usr/bin/clear | → | /bin/busybox |
| /usr/bin/nmeter | → | /bin/busybox |
| /usr/bin/readlink | → | /bin/busybox |
| /usr/bin/tee | → | /bin/busybox |
| /usr/bin/unlzop | → | /bin/busybox |
| /usr/bin/time | → | /bin/busybox |
| /usr/bin/cmp | → | /bin/busybox |
| /usr/bin/pwdx | → | /bin/busybox |
| /usr/bin/unlzma | → | /bin/busybox |
| /usr/bin/nsenter | → | /bin/busybox |
| /usr/bin/reset | → | /bin/busybox |
| /usr/bin/dumpleases | → | /bin/busybox |
| /usr/bin/top | → | /bin/busybox |
| /usr/bin/expr | → | /bin/busybox |
| /usr/bin/du | → | /bin/busybox |
| /usr/bin/hostid | → | /bin/busybox |
| /usr/bin/nohup | → | /bin/busybox |
| /usr/bin/xargs | → | /bin/busybox |
| /usr/bin/dc | → | /bin/busybox |
| /usr/bin/paste | → | /bin/busybox |
| /usr/bin/pscan | → | /bin/busybox |
| /usr/bin/traceroute6 | → | /bin/busybox |
| /usr/bin/patch | → | /bin/busybox |
| /usr/bin/xz | → | /bin/busybox |
| /usr/bin/crontab | → | /bin/busybox |
| /usr/bin/shred | → | /bin/busybox |
| /usr/bin/awk | → | /bin/busybox |
| /usr/bin/xxd | → | /bin/busybox |
| /usr/bin/tail | → | /bin/busybox |
| /usr/bin/lzopcat | → | /bin/busybox |
| /usr/bin/fuser | → | /bin/busybox |
| /usr/bin/traceroute | → | /bin/busybox |
| /usr/bin/microcom | → | /bin/busybox |
| /usr/bin/nproc | → | /bin/busybox |
| /usr/bin/resize | → | /bin/busybox |
| /usr/bin/cpio | → | /bin/busybox |
| /usr/bin/strings | → | /bin/busybox |
| /usr/bin/cryptpw | → | /bin/busybox |
| /usr/bin/head | → | /bin/busybox |
| /usr/bin/setsid | → | /bin/busybox |
| /usr/bin/uudecode | → | /bin/busybox |
| /usr/bin/bzcat | → | /bin/busybox |
| /usr/bin/unexpand | → | /bin/busybox |
| /usr/bin/seq | → | /bin/busybox |
| /usr/bin/tty | → | /bin/busybox |
| /usr/bin/wget | → | /bin/busybox |
| /usr/bin/mkpasswd | → | /bin/busybox |
| /usr/bin/md5sum | → | /bin/busybox |
| /usr/bin/truncate | → | /bin/busybox |
| /usr/bin/diff | → | /bin/busybox |
| /usr/bin/od | → | /bin/busybox |
| /usr/bin/dos2unix | → | /bin/busybox |
| /usr/bin/sha1sum | → | /bin/busybox |
| /usr/bin/test | → | /bin/busybox |
| /usr/bin/showkey | → | /bin/busybox |
| /usr/bin/cut | → | /bin/busybox |
| /usr/bin/bc | → | /bin/busybox |
| /usr/bin/env | → | /bin/busybox |
| /usr/bin/flock | → | /bin/busybox |
| /usr/bin/deallocvt | → | /bin/busybox |
| /usr/bin/install | → | /bin/busybox |
| /usr/bin/pstree | → | /bin/busybox |
| /var/spool/cron/crontabs | → | /etc/crontabs |
| /lib/libc.musl-x86_64.so.1 | → | ld-musl-x86_64.so.1 |
| /lib/libz.so.1 | → | libz.so.1.2.11 |
| /sbin/setconsole | → | /bin/busybox |
| /sbin/fsck | → | /bin/busybox |
| /sbin/hwclock | → | /bin/busybox |
| /sbin/findfs | → | /bin/busybox |
| /sbin/poweroff | → | /bin/busybox |
| /sbin/lsmod | → | /bin/busybox |
| /sbin/ifconfig | → | /bin/busybox |
| /sbin/modprobe | → | /bin/busybox |
| /sbin/ifdown | → | /bin/busybox |
| /sbin/klogd | → | /bin/busybox |
| /sbin/nameif | → | /bin/busybox |
| /sbin/arp | → | /bin/busybox |
| /sbin/mkfs.vfat | → | /bin/busybox |
| /sbin/adjtimex | → | /bin/busybox |
| /sbin/fbsplash | → | /bin/busybox |
| /sbin/iptunnel | → | /bin/busybox |
| /sbin/swapon | → | /bin/busybox |
| /sbin/depmod | → | /bin/busybox |
| /sbin/halt | → | /bin/busybox |
| /sbin/sysctl | → | /bin/busybox |
| /sbin/acpid | → | /bin/busybox |
| /sbin/losetup | → | /bin/busybox |
| /sbin/route | → | /bin/busybox |
| /sbin/udhcpc | → | /bin/busybox |
| /sbin/mkdosfs | → | /bin/busybox |
| /sbin/slattach | → | /bin/busybox |
| /sbin/iprule | → | /bin/busybox |
| /sbin/watchdog | → | /bin/busybox |
| /sbin/mkswap | → | /bin/busybox |
| /sbin/mdev | → | /bin/busybox |
| /sbin/fstrim | → | /bin/busybox |
| /sbin/swapoff | → | /bin/busybox |
| /sbin/rmmod | → | /bin/busybox |
| /sbin/getty | → | /bin/busybox |
| /sbin/ipaddr | → | /bin/busybox |
| /sbin/reboot | → | /bin/busybox |
| /sbin/raidautorun | → | /bin/busybox |
| /sbin/switch_root | → | /bin/busybox |
| /sbin/modinfo | → | /bin/busybox |
| /sbin/vconfig | → | /bin/busybox |
| /sbin/ip | → | /bin/busybox |
| /sbin/syslogd | → | /bin/busybox |
| /sbin/init | → | /bin/busybox |
| /sbin/iplink | → | /bin/busybox |
| /sbin/loadkmap | → | /bin/busybox |
| /sbin/insmod | → | /bin/busybox |
| /sbin/blkid | → | /bin/busybox |
| /sbin/ifup | → | /bin/busybox |
| /sbin/ipneigh | → | /bin/busybox |
| /sbin/tunctl | → | /bin/busybox |
| /sbin/ifenslave | → | /bin/busybox |
| /sbin/nologin | → | /bin/busybox |
| /sbin/iproute | → | /bin/busybox |
| /sbin/logread | → | /bin/busybox |
| /sbin/inotifyd | → | /bin/busybox |
| /sbin/hdparm | → | /bin/busybox |
| /sbin/blockdev | → | /bin/busybox |
| /sbin/fdisk | → | /bin/busybox |
| /etc/mtab | → | /proc/mounts |
| /etc/ssl/misc/tsget | → | tsget.pl |
| /bin/dmesg | → | /bin/busybox |
| /bin/gunzip | → | /bin/busybox |
| /bin/linux64 | → | /bin/busybox |
| /bin/ping | → | /bin/busybox |
| /bin/ed | → | /bin/busybox |
| /bin/cat | → | /bin/busybox |
| /bin/ps | → | /bin/busybox |
| /bin/nice | → | /bin/busybox |
| /bin/chown | → | /bin/busybox |
| /bin/ipcalc | → | /bin/busybox |
| /bin/pipe_progress | → | /bin/busybox |
| /bin/kill | → | /bin/busybox |
| /bin/umount | → | /bin/busybox |
| /bin/mktemp | → | /bin/busybox |
| /bin/ls | → | /bin/busybox |
| /bin/pidof | → | /bin/busybox |
| /bin/stty | → | /bin/busybox |
| /bin/fgrep | → | /bin/busybox |
| /bin/reformime | → | /bin/busybox |
| /bin/ash | → | /bin/busybox |
| /bin/touch | → | /bin/busybox |
| /bin/rev | → | /bin/busybox |
| /bin/setserial | → | /bin/busybox |
| /bin/true | → | /bin/busybox |
| /bin/mkdir | → | /bin/busybox |
| /bin/chgrp | → | /bin/busybox |
| /bin/grep | → | /bin/busybox |
| /bin/iostat | → | /bin/busybox |
| /bin/su | → | /bin/busybox |
| /bin/bbconfig | → | /bin/busybox |
| /bin/sh | → | /bin/busybox |
| /bin/date | → | /bin/busybox |
| /bin/conspy | → | /bin/busybox |
| /bin/getopt | → | /bin/busybox |
| /bin/kbd_mode | → | /bin/busybox |
| /bin/ionice | → | /bin/busybox |
| /bin/zcat | → | /bin/busybox |
| /bin/makemime | → | /bin/busybox |
| /bin/uname | → | /bin/busybox |
| /bin/sync | → | /bin/busybox |
| /bin/mpstat | → | /bin/busybox |
| /bin/false | → | /bin/busybox |
| /bin/netstat | → | /bin/busybox |
| /bin/mknod | → | /bin/busybox |
| /bin/dnsdomainname | → | /bin/busybox |
| /bin/base64 | → | /bin/busybox |
| /bin/ping6 | → | /bin/busybox |
| /bin/dd | → | /bin/busybox |
| /bin/setpriv | → | /bin/busybox |
| /bin/sed | → | /bin/busybox |
| /bin/printenv | → | /bin/busybox |
| /bin/more | → | /bin/busybox |
| /bin/usleep | → | /bin/busybox |
| /bin/chmod | → | /bin/busybox |
| /bin/dumpkmap | → | /bin/busybox |
| /bin/cp | → | /bin/busybox |
| /bin/ln | → | /bin/busybox |
| /bin/watch | → | /bin/busybox |
| /bin/stat | → | /bin/busybox |
| /bin/mv | → | /bin/busybox |
| /bin/rm | → | /bin/busybox |
| /bin/mountpoint | → | /bin/busybox |
| /bin/linux32 | → | /bin/busybox |
| /bin/tar | → | /bin/busybox |
| /bin/mount | → | /bin/busybox |
| /bin/lzop | → | /bin/busybox |
| /bin/rmdir | → | /bin/busybox |
| /bin/df | → | /bin/busybox |
| /bin/gzip | → | /bin/busybox |
| /bin/egrep | → | /bin/busybox |
| /bin/hostname | → | /bin/busybox |
| /bin/arch | → | /bin/busybox |
| /bin/link | → | /bin/busybox |
| /bin/run-parts | → | /bin/busybox |
| /bin/fatattr | → | /bin/busybox |
| /bin/pwd | → | /bin/busybox |
| /bin/echo | → | /bin/busybox |
| /bin/login | → | /bin/busybox |
| /bin/sleep | → | /bin/busybox |
| /bin/fsync | → | /bin/busybox |
| /bin/fdflush | → | /bin/busybox |
ML Scan
The following x86/x64 ELF executable was identified and scanned with Prevasio's Machine Learning classifier️
| Filename | File Size | SHA-256 | ELF Executable | Scan Result |
|---|---|---|---|---|
| /xmrig | 7.4 MB | d5aa7968369eecb33ae14c5bb015f0635c31a8a4c6fb130b85570730daa6b47f | x64 | Benign |
System Events
During container runtime, a number of system events were generatedThese events include file, process, network events, and also the most critical kernel syscalls
| PID | Glyph | Object | Call | Parameters |
|---|---|---|---|---|
| [1846] |
|
PROCESS | FORK | forkCloneFlags=0x8011, forkChildPid=1847 |
| [1847] |
|
PROCESS | FORK | forkCloneFlags=0x8011, forkChildPid=1849 |
| [1847] |
|
PROCESS | EXIT | exitCode=0 |
| [1846] |
|
PROCESS | EXIT | exitCode=0 |
| [1849] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1850 |
| [1849] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1851 |
| [1849] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1852 |
| [1849] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1853 |
| [1849] |
|
SYSCALL | sys_socket() | domain=AF_NETLINK, protocol=0, type=SOCK_RAW |
| [1849] |
|
SYSCALL | sys_socket() | ret=6 |
| [1849] |
|
NETWORK | BIND_ATTEMPT | sockfd=6 |
| [1849] |
|
PROCESS | UPDATE | updateCwd="/" |
| [1849] |
|
PROCESS | EXEC | execFilename="/bin/sh", execCommandLine="/bin/sh -c /docker-entrypoint.sh" |
| [1851] |
|
PROCESS | EXIT | exitCode=0 |
| [1850] |
|
PROCESS | EXIT | exitCode=0 |
| [1853] |
|
PROCESS | EXIT | exitCode=0 |
| [1852] |
|
PROCESS | EXIT | exitCode=0 |
| [1849] |
|
PROCESS | EXEC | execFilename="/docker-entrypoint.sh", execCommandLine="/docker-entrypoint.sh" |
| [1849] |
|
PROCESS | FORK | forkCloneFlags=0x11, forkChildPid=1886 |
| [1886] |
|
PROCESS | EXEC | execFilename="/bin/sed", execCommandLine="sed -i s/docker//g /config.json" |
| [1886] |
|
FILE | CREATE | filename="/config.jsonBEmJJO", flags=O_RDONLY, mode="rw-------" |
| [1886] |
|
FILE | ATTRIBUTE_CHANGE | filename="/config.jsonBEmJJO" |
| [1886] |
|
FILE | RENAME | newname="/config.json", oldname="/config.jsonBEmJJO" |
| [1886] |
|
PROCESS | EXIT | exitCode=0 |
| [1849] |
|
PROCESS | FORK | forkCloneFlags=0x11, forkChildPid=1889 |
| [1889] |
|
PROCESS | EXEC | execFilename="/xmrig", execCommandLine="/xmrig -c /config.json" |
| [1889] |
|
SYSCALL | sys_socket() | domain=AF_NETLINK, protocol=0, type=SOCK_STREAM | SOCK_DGRAM |
| [1889] |
|
SYSCALL | sys_socket() | ret=10 |
| [1889] |
|
NETWORK | BIND_ATTEMPT | sockfd=10 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1895 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1896 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1897 |
| [1897] |
|
PROCESS | EXIT | exitCode=0 |
| [1896] |
|
PROCESS | EXIT | exitCode=0 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x100011, forkChildPid=1898 |
| [1898] |
|
PROCESS | EXEC | execFilename="/bin/sh", execCommandLine="sh -c" |
| [1898] |
|
PROCESS | EXEC | execFilename="/sbin/modprobe", execCommandLine="/sbin/modprobe msr" |
| [1898] |
|
PROCESS | EXIT | exitCode=256 |
| [1895] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1899 |
| [1895] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1900 |
| [1899] |
|
PROCESS | EXIT | exitCode=0 |
| [1900] |
|
PROCESS | EXIT | exitCode=0 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1904 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1905 |
| [1904] |
|
PROCESS | EXIT | exitCode=0 |
| [1905] |
|
PROCESS | EXIT | exitCode=0 |
| [1895] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1906 |
| [1895] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1907 |
| [1907] |
|
PROCESS | EXIT | exitCode=0 |
| [1906] |
|
PROCESS | EXIT | exitCode=0 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1908 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1909 |
| [1908] |
|
PROCESS | EXIT | exitCode=0 |
| [1909] |
|
PROCESS | EXIT | exitCode=0 |
| [1895] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1910 |
| [1895] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1911 |
| [1911] |
|
PROCESS | EXIT | exitCode=0 |
| [1910] |
|
PROCESS | EXIT | exitCode=0 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1912 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1913 |
| [1912] |
|
PROCESS | EXIT | exitCode=0 |
| [1913] |
|
PROCESS | EXIT | exitCode=0 |
| [1895] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1914 |
| [1895] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1915 |
| [1914] |
|
PROCESS | EXIT | exitCode=0 |
| [1915] |
|
PROCESS | EXIT | exitCode=0 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1916 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1917 |
| [1916] |
|
PROCESS | EXIT | exitCode=0 |
| [1917] |
|
PROCESS | EXIT | exitCode=0 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1918 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1919 |
| [1918] |
|
PROCESS | EXIT | exitCode=0 |
| [1919] |
|
PROCESS | EXIT | exitCode=0 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1920 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1921 |
| [1921] |
|
PROCESS | EXIT | exitCode=0 |
| [1920] |
|
PROCESS | EXIT | exitCode=0 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1922 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1923 |
| [1922] |
|
PROCESS | EXIT | exitCode=0 |
| [1923] |
|
PROCESS | EXIT | exitCode=0 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1924 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1925 |
| [1924] |
|
PROCESS | EXIT | exitCode=0 |
| [1925] |
|
PROCESS | EXIT | exitCode=0 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1926 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1927 |
| [1889] |
|
FILE | ATTRIBUTE_CHANGE | filename="/config.json" |
| [1889] |
|
FILE | MODIFY | filename="/config.json" |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1928 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1929 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1930 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1931 |
| [1889] |
|
SYSCALL | sys_socket() | domain=AF_INET, protocol=0, type=SOCK_STREAM |
| [1889] |
|
SYSCALL | sys_socket() | ret=12 |
| [1889] |
|
NETWORK | CONNECT_ATTEMPT | protocol=AF_INET, ip=118.190.200.162, sockfd=12, port=3333 |
| [1926] |
|
PROCESS | EXIT | exitCode=0 |
| [1927] |
|
PROCESS | EXIT | exitCode=0 |
| [1889] |
|
PROCESS | FORK | forkCloneFlags=0x100011, forkChildPid=1932 |
| [1932] |
|
PROCESS | EXEC | execFilename="/bin/sh", execCommandLine="sh -c" |
| [1932] |
|
PROCESS | EXEC | execFilename="/sbin/modprobe", execCommandLine="/sbin/modprobe msr" |
| [1932] |
|
PROCESS | EXIT | exitCode=256 |
| [1895] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1933 |
| [1895] |
|
PROCESS | FORK | forkCloneFlags=0x3d0f00, forkChildPid=1934 |
Event Graph
The following graph represents the most important system events and their relation to each other