Report - anonsharing.com/file/fcd511aeb8b96fef/xmrig-6.21.0.zip

Report Overview

Visited public
2025-02-16 14:41:24
Tags
URL
anonsharing.com/file/fcd511aeb8b96fef/xmrig-6.21.0.zip
Finishing URL
about:privatebrowsing
IP / ASN
104.21.64.1
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
s3.ca-central-1.wasabisys.com	unknown	2017-04-07	2022-03-03	2025-02-09	906 B	3.4 MB	38.143.146.101
anonsharing.com	unknown	2023-03-28	2023-03-28	2025-02-16	1.2 kB	6.8 MB	104.21.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-16 14:40:53	low	Client IP	38.143.146.101	ET INFO Commonly Abused File Sharing Domain (wasabisys .com) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
s3.ca-central-1.wasabisys.com/anonsharing/cf/cff212ea1cae4cc9d6f1853d7c497f91?response-content-disposition=filename%3Dxmrig-6.21.0.zip&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=HSRJ9W5CR8WH0842044I%2F20250216%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250216T144053Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Signature=1d01a796aff3152bc7389bc55b16cf91960db952a454b502537216d7b4bfd4a1
IP
38.143.146.101
ASN
#395717 BLUEARCHIVE-ZONE-1

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
3.4 MB (3417311 bytes)
Hash
45fb11e5479cd141e30f25cab2352fea
11bad3806750de81be5afa9aa17cd3ed0e773028
1e68b765aae29859b569d61672025b033f5b0320bdf76da7dd92a3808027b39d

Archive (10)

Filename

Md5

File type

benchmark_10M.cmd

5be1c4cacb5ae37c43527e99a097dc7a

DOS batch file, ASCII text

benchmark_1M.cmd

cba1927cf6959dc99ecbd0c553e4db6f

DOS batch file, ASCII text

config.json

72917a95596021bf13bc2870e752ac9b

JSON text data

pool_mine_example.cmd

2e737f5c3af9c8aa5216dfdc5be02cc6

ASCII text

rtm_ghostrider_example.cmd

3f0155abe745be1f6089eafc4f517ac8

ASCII text

SHA256SUMS

617561cc39e6650b0965e41dc341998e

ASCII text

solo_mine_example.cmd

090703e56f46330ed625ac4363c9d25c

ASCII text

start.cmd

eaf3a00cc0465f8af471b849ada29843

DOS batch file, ASCII text, with CRLF line terminators

WinRing0x64.sys

0c0195c48b6b8582fa6f6373032118da

PE32+ executable (native) x86-64, for MS Windows, 6 sections

xmrig.exe

e2fe87cc2c7dab8ca6516620dccd1381

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - WinRing0x64.sys
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
Public Nextron YARA rules	malware	Detects Monero Crypto Coin Miner
Public Nextron YARA rules	malware	Detects Monero mining software
Elastic Security YARA Rules	malware	Linux.Trojan.Pornoasset
Elastic Security YARA Rules	malware	MacOS.Cryptominer.Generic
Elastic Security YARA Rules	malware	MacOS.Cryptominer.Xmrig
VirusTotal	malicious	VirusTotal - Scan result 51/67
ClamAV	malicious	Win.Coinminer.Generic-7151250-0

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

GET s3.ca-central-1.wasabisys.com/anonsharing/cf/cff212ea1cae4cc9d6f1853d7c497f91?response-content-disposition=filename%3Dxmrig-6.21.0.zip&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=HSRJ9W5CR8WH0842044I%2F20250216%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250216T144053Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Signature=1d01a796aff3152bc7389bc55b16cf91960db952a454b502537216d7b4bfd4a1

38.143.146.101

200 OK

3.4 MB

URL User Request GET HTTP/1.1
s3.ca-central-1.wasabisys.com/anonsharing/cf/cff212ea1cae4cc9d6f1853d7c497f91?response-content-disposition=filename%3Dxmrig-6.21.0.zip&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=HSRJ9W5CR8WH0842044I%2F20250216%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250216T144053Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Signature=1d01a796aff3152bc7389bc55b16cf91960db952a454b502537216d7b4bfd4a1
IP
38.143.146.101:443
ASN
#395717 BLUEARCHIVE-ZONE-1

Certificate
IssuerDigiCert Inc
Subject*.s3.ca-central-1.wasabisys.com
Fingerprint44:5A:F0:D3:C3:43:58:C1:7B:BA:B6:D2:DC:36:B4:9C:F9:55:46:39
ValidityThu, 08 Feb 2024 00:00:00 GMT - Sun, 02 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
3.4 MB (3417311 bytes)
Hash
45fb11e5479cd141e30f25cab2352fea
11bad3806750de81be5afa9aa17cd3ed0e773028
1e68b765aae29859b569d61672025b033f5b0320bdf76da7dd92a3808027b39d

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 51/67
ClamAV	malicious	Win.Coinminer.Generic-7151250-0

HTTP Headers

GET /anonsharing/cf/cff212ea1cae4cc9d6f1853d7c497f91?response-content-disposition=filename%3Dxmrig-6.21.0.zip&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=HSRJ9W5CR8WH0842044I%2F20250216%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250216T144053Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Signature=1d01a796aff3152bc7389bc55b16cf91960db952a454b502537216d7b4bfd4a1 HTTP/1.1
Host: s3.ca-central-1.wasabisys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Disposition: filename=xmrig-6.21.0.zip
Content-Length: 3417311
Content-Type: application/octet-stream
Date: Sun, 16 Feb 2025 14:40:54 GMT
ETag: "45fb11e5479cd141e30f25cab2352fea"
Last-Modified: Fri, 07 Feb 2025 10:27:12 GMT
Server: WasabiS3/7.21.4959-2025-01-14-7f367e51f7
x-amz-id-2: +ygua32ZqNPFMcschQyV/k/6PpPmik1LQ1WJvAPHayiwIAFDsdXW2J+rSogOhZFPZJx9QuIayrxL
x-amz-request-id: 709846975D6CA2D3:B
x-wasabi-cm-reference-id: 1739716853875 38.143.146.101 ConID:1637914624/EngineConID:15715470/Core:103

GET anonsharing.com/file/fcd511aeb8b96fef/xmrig-6.21.0.zip

104.21.96.1

302 Found

3.4 MB

URL User Request GET HTTP/2
anonsharing.com/file/fcd511aeb8b96fef/xmrig-6.21.0.zip
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectanonsharing.com
Fingerprint5A:1F:B1:4B:9F:17:2D:E2:BB:4A:DF:77:A7:6B:D4:85:A9:F7:70:85
ValidityTue, 21 Jan 2025 17:09:37 GMT - Mon, 21 Apr 2025 18:08:18 GMT

File type

Size
3.4 MB (3417311 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /file/fcd511aeb8b96fef/xmrig-6.21.0.zip HTTP/1.1
Host: anonsharing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sun, 16 Feb 2025 14:40:53 GMT
content-type: text/html; charset=UTF-8
location: https://anonsharing.com/fcd511aeb8b96fef/xmrig-6.21.0.zip?download_token=77360ddd6785865dd91486ee75a0c108aa5576ac8932f7064233c24f000bfdc8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, no-cache, private
pragma: no-cache
set-cookie: filehosting=ea823d03d929471d60fd8c07f6bef32a; expires=Mon, 17-Feb-2025 14:40:53 GMT; Max-Age=86400; path=/
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hrAUamAWXRAkOrFkevN8c5Ws6xSYGMesGsmuUzcOsY%2FHbqcsJZ3ei%2BZX45KF5Jkwc9Z8torKycf7Hkqk59zTZ7OH%2F7ypY2OF1GZPyLFQnFU6eMm7N4RRPJwnoe5LOnZn%2FNU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 912e4b9b78035694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfCacheStatus;desc="DYNAMIC", cfL4;desc="?proto=TCP&rtt=6006&min_rtt=434&rtt_var=11118&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3208&recv_bytes=1152&delivery_rate=7180165&cwnd=254&unsent_bytes=0&cid=885e4094196a9fd3&ts=420&x=0"
X-Firefox-Spdy: h2

GET anonsharing.com/fcd511aeb8b96fef/xmrig-6.21.0.zip?download_token=77360ddd6785865dd91486ee75a0c108aa5576ac8932f7064233c24f000bfdc8

104.21.96.1

302 Found

3.4 MB

URL User Request GET HTTP/2
anonsharing.com/fcd511aeb8b96fef/xmrig-6.21.0.zip?download_token=77360ddd6785865dd91486ee75a0c108aa5576ac8932f7064233c24f000bfdc8
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectanonsharing.com
Fingerprint5A:1F:B1:4B:9F:17:2D:E2:BB:4A:DF:77:A7:6B:D4:85:A9:F7:70:85
ValidityTue, 21 Jan 2025 17:09:37 GMT - Mon, 21 Apr 2025 18:08:18 GMT

File type

Size
3.4 MB (3417311 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fcd511aeb8b96fef/xmrig-6.21.0.zip?download_token=77360ddd6785865dd91486ee75a0c108aa5576ac8932f7064233c24f000bfdc8 HTTP/1.1
Host: anonsharing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: filehosting=ea823d03d929471d60fd8c07f6bef32a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sun, 16 Feb 2025 14:40:53 GMT
content-type: application/x-zip-compressed
location: https://s3.ca-central-1.wasabisys.com/anonsharing/cf/cff212ea1cae4cc9d6f1853d7c497f91?response-content-disposition=filename%3Dxmrig-6.21.0.zip&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=HSRJ9W5CR8WH0842044I%2F20250216%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250216T144053Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Signature=1d01a796aff3152bc7389bc55b16cf91960db952a454b502537216d7b4bfd4a1
expires: 0
cache-control: must-revalidate, post-check=0, pre-check=0, no-cache, private
pragma: public
accept-ranges: bytes
access-control-allow-origin: https://anonsharing.com
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description
access-control-allow-credentials: true
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ggE%2Bk5hfKTHmQA5%2BwrpnvghBTxuDNVyru9ydJ9%2Btg%2FHZAD0iEIq%2BHuWUwO2%2BMZIDxJVGNMDj%2B7sxFKWwqn5op18HKdFYaYquTZEXpae7IV7YrfwiWG5qLHKy5VeYJBifWLI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 912e4b9e1d675694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfCacheStatus;desc="DYNAMIC", cfL4;desc="?proto=TCP&rtt=4691&min_rtt=434&rtt_var=6669&sent=11&recv=15&lost=0&retrans=0&sent_bytes=5434&recv_bytes=1333&delivery_rate=7180165&cwnd=257&unsent_bytes=0&cid=885e4094196a9fd3&ts=691&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (10)

Detections

JavaScript (0)

HTTP Transactions (3)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers