xmrig | Malicious_653da2f4401aa9a962b5441c18bae4d670da8b513166c091b5317be38b6189d9[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Malicious_653da2f4401aa9a962b5441c18bae4d670da8b513166c091b5317be38b6189d9.exe
Size

7.8MB
MD5

822b00df5d77673c10e590ce8ec14b10
SHA1

125a4cf72ea54e7ddf2496cf57107ed508f9ae5d
SHA256

4bb81655540d93276c880e7c3f2a6fe29e2453cd6b98d0536f80b03787a12c18
SHA512

0e46cd21c680438a3ebc16a0a9894f132ed47d11aed89b73fab3e27ab4f22050dd9e498b36495ee24e6d587980f9228fb93655f5828e2f33f830a9e9e033faaf
SSDEEP

98304:EKFlTP339rMCEIrcMGmME5y8g5L1mLTHOB97r9lKyRTrq48+/4lt+YohAVdB1o/C:ElT9eH+zhAVT1odCzeqI0bj/1T

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
sample	xmrig
sample	family_xmrig

Xmrig family
xmrig

Files

Malicious_653da2f4401aa9a962b5441c18bae4d670da8b513166c091b5317be38b6189d9.exe
.exe windows x64

de8a0311b6850e08ae08c8c17115897d

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:66:b7:39:c1:b3:48:ac:9a:ca:14:e9:3d:7e:31:3b
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/07/2017, 00:00

Not After

31/07/2020, 12:00

Subject

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=ShenZhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9e:ff:2e:3e:80:f3:7b:5a:16:c8:b0:13:0e:f0:3a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/07/2017, 00:00

Not After

31/07/2020, 12:00

Subject

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=ShenZhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:6c:01:35:98:79:67:cd:a6:f6:ed:dc:97:8f:5c:60:0a:e1:1b:1b:cf:0b:77:61:04:3b:7d:dc:a1:88:e0:b6
Signer

Actual PE Digest

16:6c:01:35:98:79:67:cd:a6:f6:ed:dc:97:8f:5c:60:0a:e1:1b:1b:cf:0b:77:61:04:3b:7d:dc:a1:88:e0:b6

Digest Algorithm

sha256

PE Digest Matches

false

8a:d9:c4:87:26:7f:f2:df:00:6f:35:2d:c7:d8:96:ef:e3:93:b7:6c
Signer

Actual PE Digest

8a:d9:c4:87:26:7f:f2:df:00:6f:35:2d:c7:d8:96:ef:e3:93:b7:6c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptGetUserKey

crypt32

CertFindCertificateInStore

iphlpapi

GetAdaptersAddresses

kernel32

GetVersionExW
GetVersion
ResumeThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcrt

fgetpos

psapi

GetProcessMemoryInfo

user32

GetMessageA

userenv

GetUserProfileDirectoryW

ws2_32

recv

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 844KB - Virtual size: 843KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de8a0311b6850e08ae08c8c17115897d

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

0a:66:b7:39:c1:b3:48:ac:9a:ca:14:e9:3d:7e:31:3bCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:9e:ff:2e:3e:80:f3:7b:5a:16:c8:b0:13:0e:f0:3aCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

16:6c:01:35:98:79:67:cd:a6:f6:ed:dc:97:8f:5c:60:0a:e1:1b:1b:cf:0b:77:61:04:3b:7d:dc:a1:88:e0:b6Signer

8a:d9:c4:87:26:7f:f2:df:00:6f:35:2d:c7:d8:96:ef:e3:93:b7:6cSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

iphlpapi

kernel32

msvcrt

psapi

user32

userenv

ws2_32

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.data Size: 42KB - Virtual size: 42KB

.rdata Size: 844KB - Virtual size: 843KB

.pdata Size: 172KB - Virtual size: 172KB

.xdata Size: 206KB - Virtual size: 206KB

.bss Size: - Virtual size: 3.1MB

.idata Size: 17KB - Virtual size: 17KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.vmp0 Size: 1.3MB - Virtual size: 1.3MB

.vmp1 Size: 192KB - Virtual size: 191KB

.reloc Size: 36KB - Virtual size: 35KB

.rsrc Size: 68KB - Virtual size: 68KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

0a:66:b7:39:c1:b3:48:ac:9a:ca:14:e9:3d:7e:31:3b
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:9e:ff:2e:3e:80:f3:7b:5a:16:c8:b0:13:0e:f0:3a
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

16:6c:01:35:98:79:67:cd:a6:f6:ed:dc:97:8f:5c:60:0a:e1:1b:1b:cf:0b:77:61:04:3b:7d:dc:a1:88:e0:b6
Signer

8a:d9:c4:87:26:7f:f2:df:00:6f:35:2d:c7:d8:96:ef:e3:93:b7:6c
Signer

.text
Size: 5.0MB - Virtual size: 5.0MB

.data
Size: 42KB - Virtual size: 42KB

.rdata
Size: 844KB - Virtual size: 843KB

.pdata
Size: 172KB - Virtual size: 172KB

.xdata
Size: 206KB - Virtual size: 206KB

.bss
Size: - Virtual size: 3.1MB

.idata
Size: 17KB - Virtual size: 17KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.vmp0
Size: 1.3MB - Virtual size: 1.3MB

.vmp1
Size: 192KB - Virtual size: 191KB

.reloc
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 68KB - Virtual size: 68KB