xmrig | NEAS[.]dc7bd047bbe75f3610b6ee52f49647f0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.dc7bd047bbe75f3610b6ee52f49647f0.exe
Size

4.9MB
MD5

dc7bd047bbe75f3610b6ee52f49647f0
SHA1

efde6374e8347a3ceec0d909b8ec605ff5a72c42
SHA256

5d52f2d7d182be29568714df063a31e3504785faab8e4700423611c5d0d11f79
SHA512

4babf7114cc06956c162c7190eee4c4d189875d3374f2f875e270401f6f8aee05a021d3858676ff560e0b36158ae9a76f1b84ad229c2c5dc762f76a3f4787275
SSDEEP

98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32p:Q+856utgpPF8u/w

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.dc7bd047bbe75f3610b6ee52f49647f0.exe

Files

NEAS.dc7bd047bbe75f3610b6ee52f49647f0.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE