Report - github.com/RainbowMiner/miner-binaries/releases/download/v6.20.0-xmrig/xmrig-6.20.0-msvc-cuda11

Report Overview

Submitted URL
github.com/RainbowMiner/miner-binaries/releases/download/v6.20.0-xmrig/xmrig-6.20.0-msvc-cuda11_6-win64.7z
IP
140.82.121.3
ASN
#36459 GITHUB
Submitted
2024-03-28 15:18:32
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
19

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2024-03-24	560 B	4.0 kB	140.82.121.3
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2024-03-28	1.0 kB	17 MB	185.199.109.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
objects.githubusercontent.com/github-production-release-asset-2e65be/134072551/20b731ca-4ca6-4ea9-90e5-9e1851a8b4d0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T151740Z&X-Amz-Expires=300&X-Amz-Signature=06364193c0cc3c8abd54ecf7b33c1c2c8e7cce1fa336d658e45b0df7536b7b34&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=134072551&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.20.0-msvc-cuda11_6-win64.7z&response-content-type=application%2Foctet-stream
IP
185.199.109.133
ASN
#54113 FASTLY

File type
7-zip archive data, version 0.4
Size
17 MB (17190578 bytes)
Hash
edcacde189ef9bd11fc71c417fd9a6b3
8c964ccd0f59f704dfd9636d9819a20d62578d11
eb29171aa46df91714a0f21263472e64769428e58ef6c2789dc6bd72219f704e

Archive (13)

Filename

Md5

File type

benchmark_10M.cmd

5be1c4cacb5ae37c43527e99a097dc7a

DOS batch file, ASCII text

benchmark_1M.cmd

cba1927cf6959dc99ecbd0c553e4db6f

DOS batch file, ASCII text

config.json

f7e601938baefd87b9b34c696009d6a5

JSON text data

pool_mine_example.cmd

2e737f5c3af9c8aa5216dfdc5be02cc6

ASCII text

rtm_ghostrider_example.cmd

3f0155abe745be1f6089eafc4f517ac8

ASCII text

solo_mine_example.cmd

090703e56f46330ed625ac4363c9d25c

ASCII text

start.cmd

6eb783bc229f92d0f8285500928ac8a1

DOS batch file, ASCII text, with CRLF line terminators

nvrtc-builtins64_116.dll

f3a9ba13dac65eab566d927a6f18d88f

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 5 sections

nvrtc64_112_0.dll

fc1490fe6436ce849cb8ce90d2bcecf0

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

WinRing0x64.sys

0c0195c48b6b8582fa6f6373032118da

PE32+ executable (native) x86-64, for MS Windows, 6 sections

xmrig-cuda.dll

c6e9fefbce8977ade25e38e1b983e57d

PE32+ executable (DLL) (console) x86-64, for MS Windows, 9 sections

xmrig-mo.exe

83140511d4bd5441b6f9886093ae72e0

PE32+ executable (console) x86-64, for MS Windows, 10 sections

xmrig.exe

e06139d1e4b035a01a5afa3e0b674225

PE32+ executable (console) x86-64, for MS Windows, 10 sections

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - WinRing0x64.sys
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
Elastic Security YARA Rules	malware	MacOS.Cryptominer.Generic
Public Nextron YARA rules	malware	Detects XMRIG crypto coin miners
Public Nextron YARA rules	malware	Detects Monero Crypto Coin Miner
Public Nextron YARA rules	malware	Detects Monero mining software
Elastic Security YARA Rules	malware	MacOS.Cryptominer.Generic
Elastic Security YARA Rules	malware	MacOS.Cryptominer.Xmrig
Public Nextron YARA rules	malware	Detects XMRIG crypto coin miners
Public Nextron YARA rules	malware	Detects Monero Crypto Coin Miner
Public Nextron YARA rules	malware	Detects Monero mining software
Elastic Security YARA Rules	malware	MacOS.Cryptominer.Generic
Elastic Security YARA Rules	malware	MacOS.Cryptominer.Xmrig
VirusTotal	malicious	VirusTotal - Scan result 36/60

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/RainbowMiner/miner-binaries/releases/download/v6.20.0-xmrig/xmrig-6.20.0-msvc-cuda11_6-win64.7z

140.82.121.3

302 Found

0 B

URL User Request GET HTTP/2
github.com/RainbowMiner/miner-binaries/releases/download/v6.20.0-xmrig/xmrig-6.20.0-msvc-cuda11_6-win64.7z
IP
140.82.121.3:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /RainbowMiner/miner-binaries/releases/download/v6.20.0-xmrig/xmrig-6.20.0-msvc-cuda11_6-win64.7z HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Thu, 28 Mar 2024 15:17:40 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/134072551/20b731ca-4ca6-4ea9-90e5-9e1851a8b4d0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T151740Z&X-Amz-Expires=300&X-Amz-Signature=06364193c0cc3c8abd54ecf7b33c1c2c8e7cce1fa336d658e45b0df7536b7b34&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=134072551&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.20.0-msvc-cuda11_6-win64.7z&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 373B:3FA4F4:120AA62:123265F:66058A14
X-Firefox-Spdy: h2

objects.githubusercontent.com/github-production-release-asset-2e65be/134072551/20b731ca-4ca6-4ea9-90e5-9e1851a8b4d0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T151740Z&X-Amz-Expires=300&X-Amz-Signature=06364193c0cc3c8abd54ecf7b33c1c2c8e7cce1fa336d658e45b0df7536b7b34&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=134072551&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.20.0-msvc-cuda11_6-win64.7z&response-content-type=application%2Foctet-stream

185.199.109.133

200 OK

17 MB

URL User Request GET HTTP/2
objects.githubusercontent.com/github-production-release-asset-2e65be/134072551/20b731ca-4ca6-4ea9-90e5-9e1851a8b4d0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T151740Z&X-Amz-Expires=300&X-Amz-Signature=06364193c0cc3c8abd54ecf7b33c1c2c8e7cce1fa336d658e45b0df7536b7b34&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=134072551&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.20.0-msvc-cuda11_6-win64.7z&response-content-type=application%2Foctet-stream
IP
185.199.109.133:443
ASN
#54113 FASTLY

Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
7-zip archive data, version 0.4
Size
17 MB (17190578 bytes)
Hash
edcacde189ef9bd11fc71c417fd9a6b3
8c964ccd0f59f704dfd9636d9819a20d62578d11
eb29171aa46df91714a0f21263472e64769428e58ef6c2789dc6bd72219f704e

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 36/60

HTTP Headers

GET /github-production-release-asset-2e65be/134072551/20b731ca-4ca6-4ea9-90e5-9e1851a8b4d0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240328%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240328T151740Z&X-Amz-Expires=300&X-Amz-Signature=06364193c0cc3c8abd54ecf7b33c1c2c8e7cce1fa336d658e45b0df7536b7b34&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=134072551&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.20.0-msvc-cuda11_6-win64.7z&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
content-md5: 7crN4Ynvm9EfxxxBf9mmsw==
last-modified: Mon, 03 Jul 2023 19:44:31 GMT
etag: "0x8DB7BFDEBA22A93"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 67a4caf9-601e-002c-7323-810dfa000000
x-ms-version: 2020-10-02
x-ms-creation-time: Mon, 03 Jul 2023 19:44:31 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=xmrig-6.20.0-msvc-cuda11_6-win64.7z
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 0
date: Thu, 28 Mar 2024 15:17:41 GMT
x-served-by: cache-iad-kcgs7200068-IAD, cache-hel1410027-HEL
x-cache: HIT, MISS
x-cache-hits: 5, 0
x-timer: S1711639061.560010,VS0,VE577
content-length: 17190578
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (13)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers