xmrig | NEAS[.]bb205584c4b1d26eec744a8a536d8550[.]exe | Triage

Sharing

General

Target

NEAS.bb205584c4b1d26eec744a8a536d8550.exe
Size

1.9MB
MD5

bb205584c4b1d26eec744a8a536d8550
SHA1

435e9721c68f3e4897d53a9a9a78da0213193698
SHA256

77804a402dfa2232f74e8abddd54e0b03f5ae448a6220796451d9dd625ed847a
SHA512

49db0ea6a10693b56676fea36f0079245f2e9a63c8fcea3914464f8e09b2891b54901a05e2e5e3d47d098e647bb0d9bc27b46dbb2a35c76f7a7c029d3e3519cb
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlMmVeIBi1:BemTLkNdfE0pZro

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.bb205584c4b1d26eec744a8a536d8550.exe

Files

NEAS.bb205584c4b1d26eec744a8a536d8550.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE