xmrig | NEAS[.]c79d2b71583e94e26a48dffc4bc0c690[.]exe | Triage

Sharing

General

Target

NEAS.c79d2b71583e94e26a48dffc4bc0c690.exe
Size

2.2MB
MD5

c79d2b71583e94e26a48dffc4bc0c690
SHA1

16e4b8e1a033d82bf52a212553a1bb89d6f05a88
SHA256

013278066d35c7c3a6b9bc1dc07a3a1e6e29763d6bc4a9d6fddd8addabe02fae
SHA512

fb274e970f5d93495c4257395ad05ad779e24411e7b1d8327fbe011d96c6aed3108ce6184ac4ebdc54000ee74f7add43c638eb3e7c5f42c34b2b6be3382ce964
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AaWnTKOEUW:BemTLkNdfE0pZrF

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c79d2b71583e94e26a48dffc4bc0c690.exe

Files

NEAS.c79d2b71583e94e26a48dffc4bc0c690.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE