xmrig | NEAS[.]ff01891d7b9d5f45cd49d51190499390[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ff01891d7b9d5f45cd49d51190499390.exe
Size

2.1MB
MD5

ff01891d7b9d5f45cd49d51190499390
SHA1

27b27d5fdb69cca106bb5741f228c34b38a56f9d
SHA256

8ffd49c85adb0c3ed62631f0dae3447da338241aeb8e4fad41c89ffd912c0605
SHA512

b0bd00185a5773082bee0eeb7d1ecd0f412a3fd392b4b80ba8baa451dc263069bab4460c5bd4ebce6acb7cd8afc0f240b4909fc302b4ff4b21e4c2a1f5d48612
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlMmSdbbUGs19WI:BemTLkNdfE0pZrP

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ff01891d7b9d5f45cd49d51190499390.exe

Files

NEAS.ff01891d7b9d5f45cd49d51190499390.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE