Report - s3.amazonaws.com/awesomeminer-download/claymore_zecminer

Report Overview

Submitted URL
s3.amazonaws.com/awesomeminer-download/claymore_zecminer_v12.6.zip
IP
52.216.144.165
ASN
#16509 AMAZON-02
Submitted
2024-05-08 01:12:46
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
s3.amazonaws.com	unknown	2005-08-18	2020-05-13	2024-03-23	520 B	8.3 MB	16.182.39.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
s3.amazonaws.com/awesomeminer-download/claymore_zecminer_v12.6.zip
IP
16.182.39.0
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
8.3 MB (8307656 bytes)
Hash
0baec155c1e0f4c96cb1abd76592d2ba
b1cda919fed831b9c5d6cac6e1e1c9ca0b04e3af
28acf856aa97272ee286e91993dfd66f007b2b1ba857bcdabdb1691e57c76e3f

Archive (24)

Filename

Md5

File type

config.txt

c1ab98e4c14cf96ee26389db23aff3b7

ASCII text, with CRLF line terminators

Data.bin

f685a20049ed33a83eba8a896401e469

data

Data1a1.bin

55b13844d0bad54273351809796e34cc

data

Data1b1.bin

96ae5abe22369d13e76ad7c760d080ed

data

Data1c1.bin

9ef3d909187636dd972b3db757621614

data

Data1d1.bin

b6b0a776d4b49569b958583be6dd13b9

data

Data1e1.bin

8581cef4e63aefe5500185182bbd403a

data

Data1g1.bin

8da6b3badcab526f489e329c39385f2a

data

Data1h1.bin

5b0439bb9dc305a4e0cfc66b95e33a7e

data

Data1i1.bin

e310a8f1ffb786a868d2cefa5976f9b0

data

Data2.bin

c046219e6f22ae6fda611642c2cd7fa6

data

epools.txt

64e8f9b5752bb6b44bb76ffb522572aa

ASCII text, with CRLF line terminators

History.txt

ff3f52758ee37b3e9f2f4aa0b5d87bbb

ASCII text, with CRLF line terminators

License.txt

6057be208be9d1661ce92237c0cf5325

ASCII text, with CRLF line terminators

msvcr110.dll

7c3b449f661d99a9b1033a14033d2987

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

Readme!!!.txt

d7d5a950e7b83d17b67c60f13a0db068

ISO-8859 text, with very long lines (528), with CRLF line terminators

API.txt

c6065da26297ca6aebfb6a814b571cda

ASCII text, with CRLF line terminators

EthMan.exe

de8e252012047320d79ead835701d6dc

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections

libeay32.dll

6b1246a5acb66b077b3e9c8ee2e6a3df

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

readme.txt

c7e2b21f3c043860f1636de3f7297373

ASCII text, with CRLF line terminators

sample.bat

56c9f99b79b869a2f9e0159bb16e1227

DOS batch file, ASCII text, with CRLF line terminators

ssleay32.dll

e1f3b02f7670b6f92cf05ac7628297aa

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

start.bat

688151396e0f63156d17c220119ff339

ASCII text, with no line terminators

ZecMiner64.exe

54e6aa961ebfb28b9d0149bd63f75ebe

PE32+ executable (console) x86-64, for MS Windows, 8 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
Public Nextron YARA rules	malware	Detects helper script used in a crypto miner campaign
VirusTotal	malicious	VirusTotal - Scan result 48/66

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

s3.amazonaws.com/awesomeminer-download/claymore_zecminer_v12.6.zip

16.182.39.0

200 OK

8.3 MB

URL User Request GET HTTP/1.1
s3.amazonaws.com/awesomeminer-download/claymore_zecminer_v12.6.zip
IP
16.182.39.0:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjects3.amazonaws.com
Fingerprint82:A2:80:27:89:C3:32:0E:1E:77:2D:6F:F3:3D:19:D3:97:36:BC:7C
ValidityThu, 08 Feb 2024 00:00:00 GMT - Sat, 11 Jan 2025 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
8.3 MB (8307656 bytes)
Hash
0baec155c1e0f4c96cb1abd76592d2ba
b1cda919fed831b9c5d6cac6e1e1c9ca0b04e3af
28acf856aa97272ee286e91993dfd66f007b2b1ba857bcdabdb1691e57c76e3f

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 48/66

HTTP Headers

GET /awesomeminer-download/claymore_zecminer_v12.6.zip HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 33Fbcyw3SUh6l5vanjRU/qwPjD9olUov0yJW88jRqwy3pScwWoMcVLRjpxyT70uOcLSkK5zZYlM=
x-amz-request-id: HTVTYZH0MHMBKSZ3
Date: Wed, 08 May 2024 01:12:19 GMT
Last-Modified: Thu, 31 Aug 2017 20:02:26 GMT
ETag: "0baec155c1e0f4c96cb1abd76592d2ba"
Accept-Ranges: bytes
Content-Type: binary/octet-stream
Server: AmazonS3
Content-Length: 8307656

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (24)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers