xmrig | NEAS[.]de1f875f03f94fdf28f77cee85b40770[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.de1f875f03f94fdf28f77cee85b40770.exe
Size

2.0MB
MD5

de1f875f03f94fdf28f77cee85b40770
SHA1

8638102c0bf0b79a950c848ead1976331df3dbac
SHA256

a87c57ca8c67a299da028b0c9514f537ce0893cd2c58368b2f2f7c3e2dba703a
SHA512

5bfd42e4c54c24260f9cf82542f101b6486989a33b08794e022fe8fd7fcc7b5ef6995aa4e2770551507fd161f7c641c808c72c1748d7899a37798915557a9fe7
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlMmSdbbUGsdut:BemTLkNdfE0pZr+

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.de1f875f03f94fdf28f77cee85b40770.exe

Files

NEAS.de1f875f03f94fdf28f77cee85b40770.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE