xmrig | NEAS[.]bb84c0be2509cd9fd635f4117d0aacb0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.bb84c0be2509cd9fd635f4117d0aacb0.exe
Size

1.9MB
MD5

bb84c0be2509cd9fd635f4117d0aacb0
SHA1

b90efd5a0114fa79810810e682ac9a1a916d035d
SHA256

bbed66bb7bd909ec2098293d4b41abd95b7f0949b15a17fed5b224f3ef33df6d
SHA512

7d7e006970c2c209797049cef886a1ed47c5892c8276c4b5c883e6e5be8edca0d175d0a6164e30c439f780ecf6c89df273aa108a9e971809b657727f7e4b4a71
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wICbbnlD5/xFGx+:BemTLkNdfE0pZr2

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.bb84c0be2509cd9fd635f4117d0aacb0.exe

Files

NEAS.bb84c0be2509cd9fd635f4117d0aacb0.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE