xmrig | NEAS[.]5043affda540a5b04ad7f600d2efc460[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5043affda540a5b04ad7f600d2efc460.exe
Size

3.3MB
MD5

5043affda540a5b04ad7f600d2efc460
SHA1

690ca8c601b9e59b570ac77a9f5a0f1f3d2237f2
SHA256

d7088d6eb3f4f2cc56622af7ea716af9ab96fa56a84b02d8d7e20905e6e3f23b
SHA512

c4e6475e02a4f1018bcaeccc31764154371d62dea587732cee129f5c110c77a057dfd83213eab53c080c27aebdc9930c19300a108ce29013807dcb647f3d0954
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIt56uL3pgrCEdMKPFotsgEBr6GjvzWJ:BemTLkNdfE0pZrt56utgpPFotBER6

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5043affda540a5b04ad7f600d2efc460.exe

Files

NEAS.5043affda540a5b04ad7f600d2efc460.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE