Kingminer Botnet Keeps up with the Times

The e-currency boom in late 2017 sparked a new type of “gold rush”, as cyber-criminals started racing to infect home computers and data centers with crypto-miners.

While digital currencies have fluctuated wildly since late 2017, cyber-criminals are still making money and investing in the development of mining malware. Such is the case with Kingminer, a piece of crypto-jacking malware that has been around since early 2018.

Kingminer has drawn its share of scrutiny, as it has been thoroughly researched by the cyber-security community. Recently, though, Bitdefender researchers picked up an attack involving several new sophisticated techniques, tactics and procedures to deliver malicious payloads.

This new whitepaper on Kingminer focuses on novel techniques such as:

  • Initial access from SQL Server processes by brute-forcing accounts
  • Initial execution from a kernel exploit, e.g., EternalBlue, the technique used by WannaCry
  • DGA (Domain Generation Algorithm) for evading blacklists
  • Use of tools like Mimikatz and PowerSploit
  • File-less execution of the bot
  • Various payloads delivered from the attacker’s server (XMRig, Kingminer)

Download the whitepaper

About the author

Janos Gergo SZELES

János Gergő Széles is a senior software engineer at Bitdefender. Passionate about malware behaviour analysis, he is continuously looking for new tricks employed by malicious actors. When not glued to the computer, he likes to spend time in nature and to take care of his bonsai. He believes that with perseverance, even the most challenging riddles can be solved.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as director of threat research. When he is not documenting sophisticated strains of malware or planning removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.
