xmrig | NEAS[.]1561b2293c7c225fea4a86531ab1cdf0[.]exe | Triage

Sharing

General

Target

NEAS.1561b2293c7c225fea4a86531ab1cdf0.exe
Size

3.3MB
MD5

1561b2293c7c225fea4a86531ab1cdf0
SHA1

25fdb616d57a26b238a3c5cdd3e3beaea788606b
SHA256

8a5c7714343a5ae6fb2a3f50ec7d425dd45984389fca0fb70ce7e546da51be1d
SHA512

a57357cee01e9436d36f44715f39905efaa327deb9fff7b0ad9dc996f63799b485f676ea8aa3071bb844be367a66505a8daebfcfff5072da1a6da8f7b0be4887
SSDEEP

24576:8ezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbKP19Sp/:8ezaTF8FcNkNdfE0pZ9oztuPX

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1561b2293c7c225fea4a86531ab1cdf0.exe

Files

NEAS.1561b2293c7c225fea4a86531ab1cdf0.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE