xmrig | NEAS[.]a2a286b71605cd776f708a6520d906c0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a2a286b71605cd776f708a6520d906c0.exe
Size

1.7MB
MD5

a2a286b71605cd776f708a6520d906c0
SHA1

679f01d0e5a4a41cffc35fd13c05ca11c9a35b8e
SHA256

255afb1091f93a47568a1f80ee06e27791ff135c28dcad01d885c833ac61f1ed
SHA512

dfec50f1b48de68080d7d82ec70575c6b06b5b974e81aac7ff1d427bbd0b580db2201343dff65e2c8f736fa8400cc4762a4e083595afbfd3206d606e4e141b78
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXIqndvawwcB5dgg:BemTLkNdfE0pZrD

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a2a286b71605cd776f708a6520d906c0.exe

Files

NEAS.a2a286b71605cd776f708a6520d906c0.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE