xmrig | NEAS[.]0fdbee931d5372ed772b6d864070f1e0_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0fdbee931d5372ed772b6d864070f1e0_JC.exe
Size

2.1MB
MD5

0fdbee931d5372ed772b6d864070f1e0
SHA1

ffbe922f962b13aece2a7c0c63458b271aee3780
SHA256

cd1231f1e69cc785ed4a78f64f8bd9af44efc0249170f08e5bded0f34be2a3a4
SHA512

c3edeba55d3f7f3d9e739902f7cd798c4450667f525897b875b48faac89510e6c25aa5e4a48ec8e9f36da116ca0b6888dbb6136f798c7e7b39568103c2e31fdc
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlMmSdbbUGs19WV:BemTLkNdfE0pZr2

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0fdbee931d5372ed772b6d864070f1e0_JC.exe

Files

NEAS.0fdbee931d5372ed772b6d864070f1e0_JC.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE