xmrig | NEAS[.]1aa6c8e9d33cca451b52be6927dd7f40[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1aa6c8e9d33cca451b52be6927dd7f40.exe
Size

1.6MB
MD5

1aa6c8e9d33cca451b52be6927dd7f40
SHA1

c9ea60c798ee43538946fa45e2c138d9fab68498
SHA256

75ca3ff75852850f3d4eff20a23848a409eb5769447a500b828b2496bde5d4b3
SHA512

ef688aaa4ece57fe3777114593e77ba9af345184f11678f7744b6980c9aee3a6d9a3592f0a1bf86f411d7f8ac3718b8922d3ac503414360dea14afc1155dcff9
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXSLOmL+2viDFp:BemTLkNdfE0pZrB

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1aa6c8e9d33cca451b52be6927dd7f40.exe

Files

NEAS.1aa6c8e9d33cca451b52be6927dd7f40.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE