Date: 07/10/2024
Severity: Medium
Summary
The Trend Micro article "Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer" analyzes how the Water Sigbin threat actor (also tracked as the 8220 Gang) compromises systems and deploys the XMRig cryptominer. It walks through the infection chain, including the propagation and evasion techniques the malware uses, and describes how the miner is staged and configured to mine Monero (XMR) on the victim's hardware without authorization. The article also covers the impact of the intrusion and gives detection and mitigation guidance; the indicators and queries below are drawn from it.
Indicators of Compromise (IOC) List
Type | Value
IP Address | 89.169.52.37
Hash (SHA-256) | e6e69e85962a402a35cbc5b75571dab3739c0b2f3861ba5853dbd140bae4e4da
Hash (SHA-256) | f4d11b36a844a68bf9718cf720984468583efa6664fc99966115a44b9a20aa33
Hash (SHA-256) | 0bf87b0e65713bf35c8cf54c9fa0015fa629624fd590cb4ba941cd7cdeda8050
Hash (SHA-256) | b380b771c7f5c2c26750e281101873772e10c8c1a0d2a2ff0aff1912b569ab93
Hash (SHA-256) | 2e32c5cea00f8e4c808eae806b14585e8672385df7449d2f6575927537ce8884
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
IP Address | dstipaddress IN ("89.169.52.37") or ipaddress IN ("89.169.52.37") or publicipaddress IN ("89.169.52.37") or srcipaddress IN ("89.169.52.37")
Hash (SHA-256) | sha256hash IN ("b380b771c7f5c2c26750e281101873772e10c8c1a0d2a2ff0aff1912b569ab93","0bf87b0e65713bf35c8cf54c9fa0015fa629624fd590cb4ba941cd7cdeda8050","2e32c5cea00f8e4c808eae806b14585e8672385df7449d2f6575927537ce8884","f4d11b36a844a68bf9718cf720984468583efa6664fc99966115a44b9a20aa33","e6e69e85962a402a35cbc5b75571dab3739c0b2f3861ba5853dbd140bae4e4da")
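The two TDIR queries above are simple set lookups: any of four IP fields against one address, and one hash field against five SHA-256 values. The following is an added example, not Gurucul's or Trend Micro's code, that applies the same IOC list to newline-delimited JSON events so the logic can be exercised outside the TDIR console. The field names are taken from the queries; the event schema, the sample events and the file-hashing helper are assumptions made for the example. Hash comparison is normalized to lowercase, since telemetry sources disagree on hex casing and an uppercase hash would otherwise slip past a literal IN list.

```python
"""Added example: match the Water Sigbin IOC list against log events.

Not code from the Gurucul page or the Trend Micro article. Field names come
from the TDIR queries; the JSON event layout and sample data are assumed.
"""
import hashlib
import json

# IOCs copied from the list on the page.
IOC_IPS = {"89.169.52.37"}
IOC_SHA256 = {
    "e6e69e85962a402a35cbc5b75571dab3739c0b2f3861ba5853dbd140bae4e4da",
    "f4d11b36a844a68bf9718cf720984468583efa6664fc99966115a44b9a20aa33",
    "0bf87b0e65713bf35c8cf54c9fa0015fa629624fd590cb4ba941cd7cdeda8050",
    "b380b771c7f5c2c26750e281101873772e10c8c1a0d2a2ff0aff1912b569ab93",
    "2e32c5cea00f8e4c808eae806b14585e8672385df7449d2f6575927537ce8884",
}

# Field names as used in the TDIR queries; the event schema itself is assumed.
IP_FIELDS = ("dstipaddress", "ipaddress", "publicipaddress", "srcipaddress")
HASH_FIELDS = ("sha256hash",)


def match_event(event):
    """Return (field, value) pairs in one event that hit an IOC.

    IP fields are compared literally; hash fields are lowercased first so an
    uppercase SHA-256 from a Windows source still matches the list.
    """
    hits = []
    for field in IP_FIELDS:
        value = event.get(field)
        if isinstance(value, str) and value.strip() in IOC_IPS:
            hits.append((field, value.strip()))
    for field in HASH_FIELDS:
        value = event.get(field)
        if isinstance(value, str) and value.strip().lower() in IOC_SHA256:
            hits.append((field, value.strip().lower()))
    return hits


def scan(lines):
    """Parse JSON-per-line events; return [(line_no, hits)] for matching lines.

    Malformed lines are skipped rather than aborting the whole scan, which is
    the behaviour you want when sweeping mixed or partially corrupt exports.
    """
    alerts = []
    for line_no, raw in enumerate(lines, 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue
        hits = match_event(event)
        if hits:
            alerts.append((line_no, hits))
    return alerts


def sha256_hex(data: bytes) -> str:
    """Hash a locally collected sample so it can be checked against IOC_SHA256."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample events (not real telemetry). Line 1 hits the C2 address,
# line 3 hits a hash despite uppercase hex, line 5 is deliberately not JSON.
SAMPLE_LINES = [
    '{"ts":"2024-07-10T10:00:01Z","srcipaddress":"10.0.0.5","dstipaddress":"89.169.52.37","dstport":80}',
    '{"ts":"2024-07-10T10:00:02Z","srcipaddress":"10.0.0.5","dstipaddress":"93.184.216.34","dstport":443}',
    '{"ts":"2024-07-10T10:00:03Z","host":"web01","process":"unknown.exe","sha256hash":"E6E69E85962A402A35CBC5B75571DAB3739C0B2F3861BA5853DBD140BAE4E4DA"}',
    '{"ts":"2024-07-10T10:00:04Z","host":"web01","process":"notepad.exe","sha256hash":"0000000000000000000000000000000000000000000000000000000000000000"}',
    'not json at all',
]

if __name__ == "__main__":
    for line_no, hits in scan(SAMPLE_LINES):
        print(f"line {line_no}: " + ", ".join(f"{f}={v}" for f, v in hits))
```

Running the block prints the two constructed hits (line 1 on dstipaddress, line 3 on sha256hash). To check a sample pulled from a host, read its bytes and pass `sha256_hex(data) in IOC_SHA256`; to sweep a real export, feed the file's lines to `scan` instead of `SAMPLE_LINES`.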
Reference:
https://www.trendmicro.com/en_ae/research/24/f/water-sigbin-xmrig.html