Trojan-Downloader.MSIL.Netmexminer.A
TSL ID TSL20180207-05
Severity Moderate
Description

Trojan-Downloader.MSIL.Netmexminer.A is a Trickler that targets the Windows platform. The malware contacts a remote server to report its status, and it can download and execute XMR miners on the infected computer. For persistence, it adds values to the Run key in the Registry and creates shortcut links under the user's Startup folder so that it and the downloaded miners start again after a system reboot.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • 372F4D9C378458B32D6046E03EF65000
SHA1:
  • 8B941C0A391AACA27B41D5E22D904F472FAB05A5
Identifiers
Kaspersky
  • TROJAN.WIN32.BITCOINMINER.OS
McAfee
  • GENERIC.CTG
TrendMicro
AhnLab
  • TROJAN/WIN32.BITCOINMINER.R219113
ALYac
  • TROJAN.GENERICKD.6207267
Arcabit
  • TROJAN.GENERIC.D5EB723
Cybereason
  • MALICIOUS.C37845
Cyren
  • W32/TROJAN.JGIA-1589
DrWeb
  • TROJAN.DOWNLOADER25.55799
ESET
  • MSIL/COINMINER.AFI
Fortinet
  • W32/BITCOINMINER.AFI!TR
Jiangmin
  • TROJAN.GENERIC.BYWCD
Qihoo-360
  • WIN32/TROJAN.217
Rising
  • DROPPER.GENERIC!8.35E
Tencent
  • WIN32.TROJAN.BITCOINMINER.LIHB
TheHacker
  • TROJAN/COINMINER.AFI
Yandex
  • TROJAN.BITCOINMINER!MBMWMRTDSMO
Zillya
  • TROJAN.COINMINER.WIN32.6596
References
  • http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html