xmrig | Malicious_653da2f4401aa9a962b5441c18bae4d670da8b513166c091b5317be38b6189d9[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Malicious_653da2f4401aa9a962b5441c18bae4d670da8b513166c091b5317be38b6189d9.exe
Size

7.8MB
MD5

bee3b4fe74507e2aefe0d8f4b0809e1b
SHA1

30ee6f9a02e41b6c460c36bd599623f27012ed51
SHA256

653da2f4401aa9a962b5441c18bae4d670da8b513166c091b5317be38b6189d9
SHA512

43deafae79b3120c7ede41b05f5488cda16678b08dad77fa1c3aea1b1a04930b63e7269812f1bfc6cded6c9010edb5e2d02d90df93865cc418343ea8e7402201
SSDEEP

98304:EKFlTP339rMCEIrcMGmME5y8g5L1mLTHOB97r9lKyRTrq48+/4lt+YohAVdB1o/t:ElT9eH+zhAVT1odCzeqI0bj/1k

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
sample	xmrig
sample	family_xmrig

Xmrig family
xmrig

Files

Malicious_653da2f4401aa9a962b5441c18bae4d670da8b513166c091b5317be38b6189d9.exe
.exe windows x64

de8a0311b6850e08ae08c8c17115897d

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:66:b7:39:c1:b3:48:ac:9a:ca:14:e9:3d:7e:31:3b
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/07/2017, 00:00

Not After

31/07/2020, 12:00

Subject

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=ShenZhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9e:ff:2e:3e:80:f3:7b:5a:16:c8:b0:13:0e:f0:3a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/07/2017, 00:00

Not After

31/07/2020, 12:00

Subject

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=ShenZhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:cb:ee:9c:6e:6e:05:4a:c7:24:be:fd:6d:fe:8a:e9:58:7a:1e:36:3d:a0:07:fc:cb:da:e6:0b:9b:9f:ee:30
Signer

Actual PE Digest

98:cb:ee:9c:6e:6e:05:4a:c7:24:be:fd:6d:fe:8a:e9:58:7a:1e:36:3d:a0:07:fc:cb:da:e6:0b:9b:9f:ee:30

Digest Algorithm

sha256

PE Digest Matches

false

cc:99:d9:26:72:a6:16:4a:f2:ae:92:1c:67:a7:dd:56:fc:89:65:a2
Signer

Actual PE Digest

cc:99:d9:26:72:a6:16:4a:f2:ae:92:1c:67:a7:dd:56:fc:89:65:a2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptGetUserKey

crypt32

CertFindCertificateInStore

iphlpapi

GetAdaptersAddresses

kernel32

GetVersionExW
GetVersion
ResumeThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcrt

fgetpos

psapi

GetProcessMemoryInfo

user32

GetMessageA

userenv

GetUserProfileDirectoryW

ws2_32

recv

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 844KB - Virtual size: 843KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de8a0311b6850e08ae08c8c17115897d

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

0a:66:b7:39:c1:b3:48:ac:9a:ca:14:e9:3d:7e:31:3bCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:9e:ff:2e:3e:80:f3:7b:5a:16:c8:b0:13:0e:f0:3aCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

98:cb:ee:9c:6e:6e:05:4a:c7:24:be:fd:6d:fe:8a:e9:58:7a:1e:36:3d:a0:07:fc:cb:da:e6:0b:9b:9f:ee:30Signer

cc:99:d9:26:72:a6:16:4a:f2:ae:92:1c:67:a7:dd:56:fc:89:65:a2Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

iphlpapi

kernel32

msvcrt

psapi

user32

userenv

ws2_32

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.data Size: 42KB - Virtual size: 42KB

.rdata Size: 844KB - Virtual size: 843KB

.pdata Size: 172KB - Virtual size: 172KB

.xdata Size: 206KB - Virtual size: 206KB

.bss Size: - Virtual size: 3.1MB

.idata Size: 17KB - Virtual size: 17KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.vmp0 Size: 1.3MB - Virtual size: 1.3MB

.vmp1 Size: 192KB - Virtual size: 191KB

.reloc Size: 36KB - Virtual size: 35KB

.rsrc Size: 68KB - Virtual size: 68KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

0a:66:b7:39:c1:b3:48:ac:9a:ca:14:e9:3d:7e:31:3b
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:9e:ff:2e:3e:80:f3:7b:5a:16:c8:b0:13:0e:f0:3a
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

98:cb:ee:9c:6e:6e:05:4a:c7:24:be:fd:6d:fe:8a:e9:58:7a:1e:36:3d:a0:07:fc:cb:da:e6:0b:9b:9f:ee:30
Signer

cc:99:d9:26:72:a6:16:4a:f2:ae:92:1c:67:a7:dd:56:fc:89:65:a2
Signer

.text
Size: 5.0MB - Virtual size: 5.0MB

.data
Size: 42KB - Virtual size: 42KB

.rdata
Size: 844KB - Virtual size: 843KB

.pdata
Size: 172KB - Virtual size: 172KB

.xdata
Size: 206KB - Virtual size: 206KB

.bss
Size: - Virtual size: 3.1MB

.idata
Size: 17KB - Virtual size: 17KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.vmp0
Size: 1.3MB - Virtual size: 1.3MB

.vmp1
Size: 192KB - Virtual size: 191KB

.reloc
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 68KB - Virtual size: 68KB