xmrig | NEAS[.]6bde1e4632ad9af4420def8a98d7e9d0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.6bde1e4632ad9af4420def8a98d7e9d0.exe
Size

1.6MB
MD5

6bde1e4632ad9af4420def8a98d7e9d0
SHA1

307f0e68c566cc19fff90d5e11f41fd38090dece
SHA256

9c05eec773bfbc2c83b32e201e0b583e9dba4f41a68d6d6b8fd1b295e0d3268d
SHA512

2af3d46af93a2ba4edc64623975eb7221ad15241c6cf7ffe6b8cb7ade7b1941f50f3ddc7722bd2a24a8b666a19b24b0908cc0eb05cd26ffeb1f90edff16df4ed
SSDEEP

24576:BezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbEwlKjpv3Q7W8GI6iikrQ+euX:BezaTF8FcNkNdfE0pZ9ozt4wICbj6WpX

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.6bde1e4632ad9af4420def8a98d7e9d0.exe

Files

NEAS.6bde1e4632ad9af4420def8a98d7e9d0.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE