xmrig | NEAS[.]e416592f04071028c78d4af3a0ab0950[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e416592f04071028c78d4af3a0ab0950.exe
Size

1.9MB
MD5

e416592f04071028c78d4af3a0ab0950
SHA1

70789aa22af89775dfc0ede49f486b197ff71639
SHA256

f0e8e05dfc35bf06eec58a9758a73051fc4d40b7776b486a6b09e808bb5002dd
SHA512

8243ea5fa1cfb6ea97636864114e1a526c9e3383797487ff8bb16b48c8f09ddb40968cb1b516f8361a0c3d7a6df6e498c28271919e12b7719534139d33fd6c49
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wINF/A1BibL:BemTLkNdfE0pZrf

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e416592f04071028c78d4af3a0ab0950.exe

Files

NEAS.e416592f04071028c78d4af3a0ab0950.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE