xmrig | NEAS[.]bb3a83aa7955d7cd3ae632104a15ef10[.]exe | Triage

Sharing

General

Target

NEAS.bb3a83aa7955d7cd3ae632104a15ef10.exe
Size

4.9MB
MD5

bb3a83aa7955d7cd3ae632104a15ef10
SHA1

d2666c937a70696bfd3c1ddb3d68462f1f38c1b5
SHA256

54b972787f5170e97b48566c894cdc7d35cdeffc92fd508d83eeaf726a54cf61
SHA512

85382a62778b7a9f4775e214fed7339b790686a6dac9a16ffbe57aa5d0e6bde5d30271c22b33a678a5f6315f63c00d7de11b7ea5ceb64e221b4edd3a348a70ee
SSDEEP

98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32l:Q+856utgpPF8u/8

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.bb3a83aa7955d7cd3ae632104a15ef10.exe

Files

NEAS.bb3a83aa7955d7cd3ae632104a15ef10.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE