xmrig | ef04b980d011abda9a89ff4dc122b5e5ab3ba6f6 | Triage

Sharing

General

Target

ef04b980d011abda9a89ff4dc122b5e5ab3ba6f6
Size

2.5MB
MD5

8c9b3ab48ea8a82e749beab620517e20
SHA1

ef04b980d011abda9a89ff4dc122b5e5ab3ba6f6
SHA256

4a930949cc187e9135d2ba45e26e4347bc9da7e7c72cc601de649e71ff0ad90f
SHA512

e8f61feeae226cb35e7ccdaf7b305f8d301d64a293c65e85d5a4bc577283058a6d59ec9931c9b59e3c305a84bae6e3b2706f2895837275e3fa84b633ee512b02
SSDEEP

49152:00wjnJMOWh50kC1/dVFdx6e0EALKWVTffZiPAcRq6jHjnz8DhJUjc2HhG82DiH5:00GnJMOWPClFdx6e0EALKWVTffZiPAcr

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner Payload 1 IoCs
miner

Processes:

resource yara_rule

sample xmrig
Xmrig family
xmrig

Files

ef04b980d011abda9a89ff4dc122b5e5ab3ba6f6
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ