xmrig | c5ced8c3cad1e0da1b5df1dfbc8d0250_console[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c5ced8c3cad1e0da1b5df1dfbc8d0250_console.exe
Size

2.2MB
MD5

c5ced8c3cad1e0da1b5df1dfbc8d0250
SHA1

e2c6b31b9e9f8b0fee4e7f0a879c2904c9bef603
SHA256

17ed2a94e5e71a6a559c6656fde11766a0efe8ec4d8480c7cdefede9d07d49f5
SHA512

fb79c7edf7d3b06d5bf7f378eb99c46ced77246123f31eca809369f4017cf73944bca0cb8645e426af1eff733d4e2619903ddee61665280fe211bff43a26191e
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wICbbnlD52UlklpuvUe:BemTLkNdfE0pZru

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5ced8c3cad1e0da1b5df1dfbc8d0250_console.exe

Files

c5ced8c3cad1e0da1b5df1dfbc8d0250_console.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE