xmrig | NEAS[.]a1520c65120d43d43da3ef2abf52eb30[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a1520c65120d43d43da3ef2abf52eb30.exe
Size

1.9MB
MD5

a1520c65120d43d43da3ef2abf52eb30
SHA1

de5fc440b677835a172742e5254d09a28ddff3b4
SHA256

dd7c79718c5a13c2ab9946c2b19580fcea003a06a16d3ef14cc7a6b8644135ed
SHA512

6e0425ca56b729181e2f46903e8578e2f504956e54ad9d99731b89bf88d4eae4d2f4e930491e39310cfc73100ff9478fbd07a58aa11449d015983a1972a7feb6
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AjE6peR:BemTLkNdfE0pZrn

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a1520c65120d43d43da3ef2abf52eb30.exe

Files

NEAS.a1520c65120d43d43da3ef2abf52eb30.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE