xmrig | NEAS[.]ab4e34423246e197b221c5af4d8e5ee0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ab4e34423246e197b221c5af4d8e5ee0.exe
Size

1.9MB
MD5

ab4e34423246e197b221c5af4d8e5ee0
SHA1

8f8fa48b4835ed70e8df10eb7a53d7ce3d72aad8
SHA256

f9e3c0b1d753bb628947e01993cab62614ed2309d4a40738860cd18c5e15a450
SHA512

8e912ec8acafe7bcd8974034a4323218f15ab833c05dc64170da28959a0a74807b2361108bf90c607ed7f3a0a1c35c171652a5a23159965c917af0b376c9c80e
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AjE6p5:BemTLkNdfE0pZre

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ab4e34423246e197b221c5af4d8e5ee0.exe

Files

NEAS.ab4e34423246e197b221c5af4d8e5ee0.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE