Trojan:Win64/SvcMiner.A
First posted on 22 February 2019.
Source: Microsoft
Aliases:
Trojan:Win64/SvcMiner.A is also known as W32/Trojan.IUCM-2202, Trojan horse PSW.Agent.BGJL, TR/Spy.Agent.1419416, Tool.BtcMine.477, TROJ_SPNR.11KC14.
Explanation:
Installation
This threat can use your PC to mine for bitcoins. It can be installed by third-party software bundlers, such as installers for software cracks and key generators. We have also seen this threat downloaded by the following malware:
Ransom:Win32/Warik.A
Trojan:Win32/Deminnix.gen!B
Trojan:Win32/Maener.B
The bitcoin miner is usually installed with a legitimate process name. For example, we have seen it use the following file names:
svchost.exe
Win Defender.exe
wuauclt.exe
The malware creates the following files on your PC:
%SystemDrive%\winddk\tmp-1.bin
%SystemDrive%\winddk\winddk.exe
Payload
Uses your PC to mine for bitcoins
This threat can use your PC to mine for bitcoins. This activity can make your PC run slower than usual.
We have seen the malware try to connect to the following server to update itself and download a configuration file:
82.146.54.187
The configuration file includes instructions for bitcoin mining activities. It can also include instructions to perform a denial of service (DoS) attack.
The malware also connects to the following legitimate bitcoin-mining website:
Minergate.com
Collects information about your PC
This threat can collect information about your PC and upload it to a remote server, including information about your:
Antimalware product
Firewall
Video card
Windows security settings
Additional information
Creates a mutex
This malware can create the mutex Raum-with-Me. This can be an infection marker to prevent more than one copy of the threat running on your PC.
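The indicators listed in this entry (masqueraded process names, the winddk folder, the update server, Minergate.com and the mutex) can be combined into one triage pass over endpoint telemetry. The following is an added example, not part of the original write-up or any Microsoft tooling; the event field names (host, image, dest, mutex), the C: system drive and the sample records are assumptions made for illustration.

```python
import ntpath

# Indicators taken from the write-up above.
MASQUERADE_NAMES = {"svchost.exe", "win defender.exe", "wuauclt.exe"}
DROP_DIR = "\\winddk\\"
# Minergate.com is described as a legitimate site, so treat that hit as weak on its own.
REMOTE_HOSTS = {"82.146.54.187", "minergate.com"}
MUTEX = "Raum-with-Me"
# Assumption: genuine Windows copies of these binaries run only from these folders.
TRUSTED_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")

def triage(event):
    """Return the reasons a single event record matches the write-up."""
    hits = []
    image = event.get("image", "").lower()
    if image:
        folder, name = ntpath.split(image)
        # A system process name outside the system folders suggests masquerading.
        if name in MASQUERADE_NAMES and folder not in TRUSTED_DIRS:
            hits.append("masquerade:" + name)
        if DROP_DIR in image:
            hits.append("drop-dir")
    dest = event.get("dest", "").lower().rstrip(".")
    if dest in REMOTE_HOSTS or dest.endswith(".minergate.com"):
        hits.append("network:" + dest)
    if event.get("mutex") == MUTEX:
        hits.append("mutex")
    return hits

def scan(events):
    """Map host -> sorted unique reasons, skipping hosts with no hits."""
    report = {}
    for ev in events:
        for reason in triage(ev):
            report.setdefault(ev["host"], set()).add(reason)
    return {host: sorted(reasons) for host, reasons in report.items()}

# Constructed sample telemetry (hypothetical hosts, not real events).
SAMPLE = [
    {"host": "pc-01", "image": r"C:\Windows\System32\svchost.exe"},
    {"host": "pc-02", "image": r"C:\winddk\winddk.exe", "dest": "82.146.54.187"},
    {"host": "pc-03", "image": r"C:\Users\a\AppData\Roaming\svchost.exe",
     "mutex": "Raum-with-Me"},
    {"host": "pc-04", "image": r"C:\Windows\System32\wuauclt.exe",
     "dest": "pool.minergate.com"},
]

if __name__ == "__main__":
    for host, reasons in scan(SAMPLE).items():
        print(host, reasons)
```

A host that matches several independent indicators (for example the winddk folder plus the update server) is a stronger lead than a single Minergate.com connection.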
Analysis by Meths Ferrer
Last update 22 February 2019