xmrig | NEAS[.]305272d7a4e34b41e4f8d2a86c7a5ba0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.305272d7a4e34b41e4f8d2a86c7a5ba0.exe
Size

2.0MB
MD5

305272d7a4e34b41e4f8d2a86c7a5ba0
SHA1

1c32db3d6fbf855d03926eded49bbd5fe5a3a151
SHA256

4daaae278f18a6bdc952251e4073042e33fbe4a71e70c669446eee06a6a8fea0
SHA512

f6e8aa4b08fd6e0a738f2c11430ec410d8c16340926b680ba14a47c7b04061a50489c532e4c5913a6397895ec0f2f00c1fea6c64bf64c587ed454f51e87265e8
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlMmGo9MIB:BemTLkNdfE0pZrn

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.305272d7a4e34b41e4f8d2a86c7a5ba0.exe

Files

NEAS.305272d7a4e34b41e4f8d2a86c7a5ba0.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE