xmrig | 5614aa199522a447f9970b2a20d8c225d56bc16b99d490011d37473b09012dfc

Sharing

Copy URL

Twitter E-mail

General

Target

5614aa199522a447f9970b2a20d8c225d56bc16b99d490011d37473b09012dfc
Size

1.6MB
MD5

bb81f1c8b488cfbb85246229fb082e7e
SHA1

8304c872c29c20cc2de915d8f8b150c9fa37495a
SHA256

5614aa199522a447f9970b2a20d8c225d56bc16b99d490011d37473b09012dfc
SHA512

a3c9e4d5c6e1d8855d7c434eeced6c6389da86dd117a8261839f93a0c9296050901739a1cb564126bad52052ce05420da46a176d0f922f9f78c68e2f453e6379
SSDEEP

24576:Gh7OrQcG1USe+rNJKhnmzVuCplGuMsYjdDvgHL+2nr2rxL7rX9K3EugQIR+:GhkQUS/rWhmVu2GuMdjNIHLLnkfb9JR

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner Payload 1 IoCs
miner

Processes:

resource yara_rule

sample xmrig
Xmrig family
xmrig

resource	yara_rule
sample	xmrig

Files

5614aa199522a447f9970b2a20d8c225d56bc16b99d490011d37473b09012dfc
.exe windows x64

794c6c37afc4146f0f088c4d78e0bbc7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSACleanup
WSASetLastError
select
WSARecvFrom
bind
WSAIoctl
WSASend
shutdown
WSARecv
FreeAddrInfoW
GetAddrInfoW
gethostname
htonl
closesocket
WSASocketW
getaddrinfo
getpeername
send
socket
ntohs
connect
recv
getsockopt
WSAPoll
freeaddrinfo
ioctlsocket
getnameinfo
setsockopt
WSAGetLastError
htons
WSAStartup

kernel32

GetCommandLineW
GetConsoleCP
RaiseException
RtlPcToFileHeader
GetFileAttributesExW
SetFileAttributesW
GetCommandLineA
SetStdHandle
ExitThread
RtlUnwindEx
LoadLibraryW
SetConsoleTitleA
GetStdHandle
SetConsoleMode
GetConsoleMode
MultiByteToWideChar
GetCurrentProcess
SetThreadPriority
GetCurrentThread
GetProcAddress
GetModuleHandleW
CloseHandle
FreeConsole
GetConsoleWindow
VirtualProtect
VirtualFree
VirtualAlloc
GetLargePageMinimum
LocalAlloc
GetLastError
LocalFree
FlushInstructionCache
DeviceIoControl
GetModuleFileNameW
CreateFileW
GetCurrentThreadId
AddVectoredExceptionHandler
GetFileType
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RegisterWaitForSingleObject
UnregisterWait
GetConsoleCursorInfo
DuplicateHandle
PostQueuedCompletionStatus
QueueUserWorkItem
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
CreateFileA
ReadConsoleW
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
WideCharToMultiByte
SetConsoleCursorPosition
CreateDirectoryW
ReadFile
SetLastError
WriteFile
RemoveDirectoryW
GetFinalPathNameByHandleW
SetFileTime
ReOpenFile
CreateHardLinkW
GetFileAttributesW
GetFileInformationByHandle
SetFilePointerEx
MoveFileExW
CopyFileW
CreateSymbolicLinkW
FlushFileBuffers
GetLongPathNameW
GetShortPathNameW
GetCurrentDirectoryW
GetModuleHandleExW
CreateIoCompletionPort
EnterCriticalSection
SetEnvironmentVariableW
LeaveCriticalSection
InitializeCriticalSection
FileTimeToSystemTime
QueryPerformanceFrequency
GetSystemInfo
GetCurrentProcessId
GlobalMemoryStatusEx
QueryPerformanceCounter
SetConsoleCtrlHandler
Sleep
CancelIo
SetHandleInformation
CreateEventA
SetFileCompletionNotificationModes
SetErrorMode
GetQueuedCompletionStatusEx
SetNamedPipeHandleState
CreateNamedPipeW
PeekNamedPipe
WaitForSingleObject
CancelSynchronousIo
GetNamedPipeHandleStateA
CancelIoEx
RtlUnwind
DeleteCriticalSection
ConnectNamedPipe
TerminateProcess
UnregisterWaitEx
LCMapStringW
CreateProcessW
GetExitCodeProcess
SleepConditionVariableCS
TryEnterCriticalSection
TlsSetValue
ReleaseSemaphore
WakeConditionVariable
InitializeConditionVariable
ResumeThread
SetEvent
TlsAlloc
TlsGetValue
TlsFree
CreateSemaphoreA
GetModuleHandleA
LoadLibraryA
FormatMessageA
DebugBreak
GetStartupInfoW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
GetVersionExW
LoadLibraryExW
ExitProcess
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
HeapReAlloc
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetFileSizeEx
HeapSize
GetFullPathNameW
SetEndOfFile
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
ReadDirectoryChangesW
SwitchToThread
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
GetLocaleInfoW
GetStringTypeW
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread

user32

TranslateMessage
ShowWindow
DispatchMessageA
MapVirtualKeyW
GetMessageA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
QueryServiceConfigA
DeleteService
ControlService
StartServiceW
OpenServiceW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
LsaOpenPolicy
LsaAddAccountRights
LsaClose
GetTokenInformation

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RANDOMX
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

794c6c37afc4146f0f088c4d78e0bbc7

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 281KB - Virtual size: 280KB

.data Size: 25KB - Virtual size: 65KB

.pdata Size: 49KB - Virtual size: 48KB

_RANDOMX Size: 2KB - Virtual size: 1KB

_TEXT_CN Size: 6KB - Virtual size: 6KB

_TEXT_CN Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 281KB - Virtual size: 280KB

.data
Size: 25KB - Virtual size: 65KB

.pdata
Size: 49KB - Virtual size: 48KB

_RANDOMX
Size: 2KB - Virtual size: 1KB

_TEXT_CN
Size: 6KB - Virtual size: 6KB

_TEXT_CN
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB