xmrig | NEAS[.]7a807cf4f95e888bbc13bfccf03fa860[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.7a807cf4f95e888bbc13bfccf03fa860.exe
Size

1.5MB
MD5

7a807cf4f95e888bbc13bfccf03fa860
SHA1

7aa4409342a3075a44ceb5ecdd899bfdda10cc18
SHA256

ecd8e8a3bd1a9aca3d144c08a4a103cd3c7abd941f5eb83968eb55ee11907a3b
SHA512

587b7890323a0867ee248fdee41c7b6a6c5627401902ebda21b2fb5019cb1f39c42ebc6b3b2b570a1af9c3d08337011bed67cd9e26bd34f47f1038b4d326f34d
SSDEEP

24576:BezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbEwlKjpv32wTMcMn3hJmEN8gmjO:BezaTF8FcNkNdfE0pZ9ozt4wIXIZbq6

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.7a807cf4f95e888bbc13bfccf03fa860.exe

Files

NEAS.7a807cf4f95e888bbc13bfccf03fa860.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE