kpot | NEAS[.]84599de7fa0191cd7b97c30219895760[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.84599de7fa0191cd7b97c30219895760.exe
Size

2.0MB
MD5

84599de7fa0191cd7b97c30219895760
SHA1

a09ec35b13ba54f65152bd71a9aeca3775000939
SHA256

cd85b40d1dd848d391864fcd642cdda4e80951d70e01cfafafd2b3c1772e57bf
SHA512

73c75a4f551b2f19553711778ff367f219e41cfda0dc614ffe58f1b0ed7afc0cf9aad0f6031e71d26809724e4c638f735d96e5a74dbc962574be65bfe81c3dcf
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6St1tRM:BemTLkNdfE0pZrwP

Score

10^/10

miner upx kpot xmrig

Malware Config

Signatures

KPOT Core Executable 1 IoCs

resource	yara_rule
sample	family_kpot

Kpot family
kpot

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.84599de7fa0191cd7b97c30219895760.exe

Files

NEAS.84599de7fa0191cd7b97c30219895760.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE