xmrig | NEAS[.]4dde0db7f09484a5a0aede6ff5602220[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4dde0db7f09484a5a0aede6ff5602220.exe
Size

2.2MB
MD5

4dde0db7f09484a5a0aede6ff5602220
SHA1

3f408628a6c4754a399dab346ff9e5edd01779ff
SHA256

0638bc1729ef83d58cd8211846014d793f5a938679ee373f4eb6f622b8a899e1
SHA512

0ecb90012edcee0acca938fdb07cce76e2c89ba172928d985d5e18f46b86f1324c88b8b00c1e5a1a377e6fbb32a4ce019e1e97fdb951435c69dcab60de1f7c4e
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlMmSdbbUGsaMKgncZSEr:BemTLkNdfE0pZrQ

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4dde0db7f09484a5a0aede6ff5602220.exe

Files

NEAS.4dde0db7f09484a5a0aede6ff5602220.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE