xmrig | 128e72eb6c233ed7ff523bb5c8acc59cf385d53913ff441d6c93221862534bf4[.]bin[.]sample

Resubmissions

09/01/2023, 20:07

230109-ywg41sba3x 10

Sharing

Copy URL Twitter E-mail

General

Target

128e72eb6c233ed7ff523bb5c8acc59cf385d53913ff441d6c93221862534bf4.bin.sample
Size

506KB
MD5

58c73e199665de0260ff4a4df16eaed5
SHA1

3b81534d289ad39a28111a781d8f873f3d9cbfa4
SHA256

128e72eb6c233ed7ff523bb5c8acc59cf385d53913ff441d6c93221862534bf4
SHA512

9cb9fbd861cb723f96d243050e18f27051600365cdf6daedab88931b2acaabf284c03c8c29c298903ffd38dc4b134980227f5ab75d85609b5a96b2c5685f57f0
SSDEEP

12288:CP5Yx6AiXYPD24F6B8BS+tPCJPR/AMPj0RusboCsAqnK:CP5Yx6AioPD24F68tPCJxAMP2uV7AiK

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Files

128e72eb6c233ed7ff523bb5c8acc59cf385d53913ff441d6c93221862534bf4.bin.sample
.exe windows x64

1fd435f72ab29743080f855f510577cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
GetTokenInformation
LookupPrivilegeValueW
LsaAddAccountRights
LsaClose
LsaOpenPolicy
OpenProcessToken

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsA
FillConsoleOutputCharacterA
FormatMessageA
FreeConsole
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
LocalAlloc
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepEx
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoA
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WriteConsoleW
__C_specific_handler

msvcrt

__argv
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_aligned_free
_aligned_malloc
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_fileno
_fmode
_gmtime64
_initterm
_isatty
_localtime64
_lock
_onexit
_read
_setjmp
_snprintf
_snwprintf
_stat64
_strdup
_stricmp
_strnicmp
_sys_nerr
_time64
_ultoa
_unlock
_vscprintf
_vsnprintf
_write
abort
atoi
atol
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fwprintf
fwrite
getenv
isalnum
isalpha
islower
isspace
isupper
isxdigit
localeconv
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
puts
raise
realloc
setlocale
signal
sprintf
sscanf
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
tolower
vfprintf
wcscpy
wcslen
wcstombs

user32

MessageBoxW
ShowWindow

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSAPoll
WSASetLastError
WSAStartup
__WSAFDIsSet
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
htons
ioctlsocket
ntohs
recv
select
send
setsockopt
shutdown
socket

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

1fd435f72ab29743080f855f510577cf

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ws2_32

Sections

.text Size: 384KB - Virtual size: 383KB

.data Size: 1024B - Virtual size: 888B

.rdata Size: 89KB - Virtual size: 88KB

.pdata Size: 11KB - Virtual size: 10KB

.xdata Size: 11KB - Virtual size: 10KB

.bss Size: - Virtual size: 6KB

.idata Size: 8KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 104B

.text
Size: 384KB - Virtual size: 383KB

.data
Size: 1024B - Virtual size: 888B

.rdata
Size: 89KB - Virtual size: 88KB

.pdata
Size: 11KB - Virtual size: 10KB

.xdata
Size: 11KB - Virtual size: 10KB

.bss
Size: - Virtual size: 6KB

.idata
Size: 8KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 104B