xmrig
Region: us
Scan Summary
Critical vulnerabilities: 3
Malicious files: 1
Last scan: 1 year, 6 months ago
Type of scan: Prevasio CSPM
Scan duration: 39 seconds
Image Details
Image URI: us-docker.pkg.dev/peak-trilogy-360201/xmrig/xmrig2
Image tags: xmrig2
Digest: sha256:2e166be0abb74bda0d790d7293eff4a4876f283f4a8645c63a4f2c9b4a9716c5
Created: 4 years ago
Compressed size: 7.14 MB
Uncompressed size: 16.8 MB
OS/architecture: linux/amd64
OS distribution: alpine 3.10.1 (reached end of life)
Working directory: xmrig
ENTRYPOINT: /bin/sh -c ./xmrig-notls -o 144.202.64.8:442 -t 4
CMD: —
User: —
Ports: —
Volumes: —
Environment variables: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Filename | File Size | SHA 256 | Threat Name | Report |
---|---|---|---|---|
/xmrig/xmrig-notls | 2.61 MB | 823c2e84089e5bfa5d15dfb63cb25c6f109d81b7977d07d485bc4960fbc5d24a | Multios.Coinminer.Miner-6781728-2 | VirusTotal |
Overview
Critical: 3
High: 9
Medium: 14
Low: 4
Informational: 0
Vulnerabilities (30)
Severity | Name | Package | Version | Fixed in | Description | Package:version |
---|---|---|---|---|---|---|
Critical | CVE-2021-36159 | apk-tools | 2.10.4-r2 | 2.10.7-r0 | libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols | apk-tools:2.10.4-r2 |
Critical | CVE-2019-14697 | musl | 1.1.22-r2 | 1.1.22-r3 | musl libc through 1.1.23 has an x87 floating-point stack adjustment im ... | musl:1.1.22-r2 |
Critical | CVE-2019-14697 | musl-utils | 1.1.22-r2 | 1.1.22-r3 | musl libc through 1.1.23 has an x87 floating-point stack adjustment im ... | musl-utils:1.1.22-r2 |
High | CVE-2021-30139 | apk-tools | 2.10.4-r2 | 2.10.6-r0 | In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash. | apk-tools:2.10.4-r2 |
High | CVE-2021-28831 | busybox | 1.30.1-r2 | 1.30.1-r5 | busybox: invalid free or segmentation fault via malformed gzip data | busybox:1.30.1-r2 |
High | CVE-2020-1967 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1g-r0 | openssl: Segmentation fault in SSL_check_chain causes denial of service | libcrypto1.1:1.1.1c-r0 |
High | CVE-2021-23840 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1j-r0 | openssl: integer overflow in CipherUpdate | libcrypto1.1:1.1.1c-r0 |
High | CVE-2021-3450 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1k-r0 | openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT | libcrypto1.1:1.1.1c-r0 |
High | CVE-2020-1967 | libssl1.1 | 1.1.1c-r0 | 1.1.1g-r0 | openssl: Segmentation fault in SSL_check_chain causes denial of service | libssl1.1:1.1.1c-r0 |
High | CVE-2021-23840 | libssl1.1 | 1.1.1c-r0 | 1.1.1j-r0 | openssl: integer overflow in CipherUpdate | libssl1.1:1.1.1c-r0 |
High | CVE-2021-3450 | libssl1.1 | 1.1.1c-r0 | 1.1.1k-r0 | openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT | libssl1.1:1.1.1c-r0 |
High | CVE-2021-28831 | ssl_client | 1.30.1-r2 | 1.30.1-r5 | busybox: invalid free or segmentation fault via malformed gzip data | ssl_client:1.30.1-r2 |
Medium | CVE-2019-1547 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1d-r0 | openssl: side-channel weak encryption vulnerability | libcrypto1.1:1.1.1c-r0 |
Medium | CVE-2019-1549 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1d-r0 | openssl: information disclosure in fork() | libcrypto1.1:1.1.1c-r0 |
Medium | CVE-2019-1551 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1d-r2 | openssl: Integer overflow in RSAZ modular exponentiation on x86_64 | libcrypto1.1:1.1.1c-r0 |
Medium | CVE-2020-1971 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1i-r0 | openssl: EDIPARTYNAME NULL pointer de-reference | libcrypto1.1:1.1.1c-r0 |
Medium | CVE-2021-23841 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1j-r0 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | libcrypto1.1:1.1.1c-r0 |
Medium | CVE-2021-3449 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1k-r0 | openssl: NULL pointer dereference in signature_algorithms processing | libcrypto1.1:1.1.1c-r0 |
Medium | CVE-2019-1547 | libssl1.1 | 1.1.1c-r0 | 1.1.1d-r0 | openssl: side-channel weak encryption vulnerability | libssl1.1:1.1.1c-r0 |
Medium | CVE-2019-1549 | libssl1.1 | 1.1.1c-r0 | 1.1.1d-r0 | openssl: information disclosure in fork() | libssl1.1:1.1.1c-r0 |
Medium | CVE-2019-1551 | libssl1.1 | 1.1.1c-r0 | 1.1.1d-r2 | openssl: Integer overflow in RSAZ modular exponentiation on x86_64 | libssl1.1:1.1.1c-r0 |
Medium | CVE-2020-1971 | libssl1.1 | 1.1.1c-r0 | 1.1.1i-r0 | openssl: EDIPARTYNAME NULL pointer de-reference | libssl1.1:1.1.1c-r0 |
Medium | CVE-2021-23841 | libssl1.1 | 1.1.1c-r0 | 1.1.1j-r0 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | libssl1.1:1.1.1c-r0 |
Medium | CVE-2021-3449 | libssl1.1 | 1.1.1c-r0 | 1.1.1k-r0 | openssl: NULL pointer dereference in signature_algorithms processing | libssl1.1:1.1.1c-r0 |
Medium | CVE-2020-28928 | musl | 1.1.22-r2 | 1.1.22-r4 | In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ... | musl:1.1.22-r2 |
Medium | CVE-2020-28928 | musl-utils | 1.1.22-r2 | 1.1.22-r4 | In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ... | musl-utils:1.1.22-r2 |
Low | CVE-2019-1563 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1d-r0 | openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey | libcrypto1.1:1.1.1c-r0 |
Low | CVE-2021-23839 | libcrypto1.1 | 1.1.1c-r0 | 1.1.1j-r0 | openssl: incorrect SSLv2 rollback protection | libcrypto1.1:1.1.1c-r0 |
Low | CVE-2019-1563 | libssl1.1 | 1.1.1c-r0 | 1.1.1d-r0 | openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey | libssl1.1:1.1.1c-r0 |
Low | CVE-2021-23839 | libssl1.1 | 1.1.1c-r0 | 1.1.1j-r0 | openssl: incorrect SSLv2 rollback protection | libssl1.1:1.1.1c-r0 |
Command
ADD file:0eb5ea35741d23fe39cbac245b3a5d84856ed6384f4ff07d496369ee6d960bad in /
Vulnerable packages, installed in this layer 4 years ago
Command
CMD ["/bin/sh"]
Command
RUN adduser -S -D -H -h /xmrig miner
Command
RUN apk --no-cache upgrade &&
apk --no-cache add git cmake libuv-dev build-base &&
git clone -b beta https://github.com/nguyennhatduy2608/xmrig.git &&
cd xmrig &&
mkdir build &&
cmake -DCMAKE_BUILD_TYPE=Release -DWITH_TLS=OFF -DWITH_HTTPD=OFF . &&
make &&
apk del build-base cmake git
Command
WORKDIR /xmrig
Command
ENTRYPOINT ["/bin/sh" "-c" "./xmrig-notls -o 144.202.64.8:442 -t 4"]
Dynamic Analysis Results
The following graph outlines the most important system events generated by the container:
The container attempts to connect to the following remote hosts:
IP address | Domain | Location | Coordinates | ASN organization |
---|---|---|---|---|
144.202.64.8 | — | Dallas, United States | 32.7889, -96.8021 | AS-CHOOPA |
The container produces the following text output: