xmrig | NEAS[.]9d982ef47cd01e979eacbe4e6b1577e0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9d982ef47cd01e979eacbe4e6b1577e0.exe
Size

1.9MB
MD5

9d982ef47cd01e979eacbe4e6b1577e0
SHA1

1e651868855fe5fb2ca1e907287ec9891a685f02
SHA256

2f5c25501835718c8c746ef7760471f866239780a2ce7e94375770825057b552
SHA512

ecbff7a6c06610f3326d384ec3d582fd157dba4f6304af464ec58b1762f0e23b630bbe760ece6951f4a39aa68a28959a0337645a0496aa1fccc437ab9c1f3f6e
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wINF/Y2jQ2mO:BemTLkNdfE0pZrL

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9d982ef47cd01e979eacbe4e6b1577e0.exe

Files

NEAS.9d982ef47cd01e979eacbe4e6b1577e0.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE