xmrig | NEAS[.]e351ea846413f53a7f5a6cc6d38f3bc0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e351ea846413f53a7f5a6cc6d38f3bc0.exe
Size

2.9MB
MD5

e351ea846413f53a7f5a6cc6d38f3bc0
SHA1

7a6c7caf0e93e1d42f3c6499e4f92afe0637ff36
SHA256

b9b8e7ab5dc5f5bdc8579b6b8e7c6d7315c8e7c857f322119694551f1d12da4f
SHA512

a1f4a3b3ec8ff290e9044f136bc535fd208adf33425d36c0f5ea7b6465c465c078ab89bb5cfb99797e51f0e7e6cfdc691f572421d377e17832d3237915b33eef
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkibTIA5CJvd3Z3h:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R4

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e351ea846413f53a7f5a6cc6d38f3bc0.exe

Files

NEAS.e351ea846413f53a7f5a6cc6d38f3bc0.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE