kswapd0

First submission 2024-09-03 08:48:02

File details

File type: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=e7f61c45eb79631ce2cf9f703685ddd548381b88, for GNU/Linux 3.2.0, stripped
Mime type: application/x-executable
File size: 7834.9 KB (8022936 bytes)
MD5: c0e7b431a14c58cf3b6a1e704fc2341f
SHA1: 26de8c285002a2227caa41f074ba21cc1ca30ed1
SHA256: 46d91558750d2365d7df047140bdf96bf0107748799678b873bef6a4d1fc7bf8

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 38/79
VT report date: 2024-05-06 00:13:35
Malware Type (3): miner, pua, trojan
Threat Type (2): xmrig, zmiop

URLs, FQDN and IP indicators 1

URL: hXXp://80.76.176.23/kswapd0
Host (FQDN/IP): 80.76.176.23
Date Added: 2024-09-03 08:48:02

Strings analysis - File found

Executable
lib%s.so
XML
topology.xml

Strings analysis - Possible IPs found 1

127.0.0.1

Strings analysis - Possible URLs found 7

https://gcc.gnu.org/bugsrg/bugs/):
https://xmrig.com/wizard
https://xmrig.com/docs/algorithms
http://www.debian.org/Bugs/
http://
https://xmrig.com/benchmark/%s
https://