xmrig | NEAS[.]41652380c72c2c7b0b5777fb84f8ec10[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.41652380c72c2c7b0b5777fb84f8ec10.exe
Size

2.1MB
MD5

41652380c72c2c7b0b5777fb84f8ec10
SHA1

00fd792d2bc24d0367f8cf0eefe143b6c9692fd2
SHA256

dbaee10ce9c727fb6cd3d0c38ce028fc70f0d6f51e88e2b3b0bd1b00eb2ea10b
SHA512

dc5de220f19e8c55a29447a571824509b9417cb9557c88135d05e6ff8267bb01c50e40d7fb801174ca203fd9c767c318d73f4ca4ebfbfcfbe30fdbd670d483c5
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+A8Jh1Aa1dFhZgkoO:BemTLkNdfE0pZr9

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.41652380c72c2c7b0b5777fb84f8ec10.exe

Files

NEAS.41652380c72c2c7b0b5777fb84f8ec10.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE