xmrig | NEAS[.]4900f1f7b95ea1ecdaf68070a08f6af0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4900f1f7b95ea1ecdaf68070a08f6af0.exe
Size

2.1MB
MD5

4900f1f7b95ea1ecdaf68070a08f6af0
SHA1

2031dc5e8377b91014e9231f2859e348c5b76dd8
SHA256

07b8478131cc8c483ad21ac6c5107228c0c1e7c98296321203b4794118fcf216
SHA512

83d329b99fbd659017fe11a1cf997d01c2760cd6f2fca0a82d9e19192a67fa3f3a26189fd644545e7df4f897296a9dd79bb8f750c377acf857116b02639f2d97
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wICbbnlD5/xFGxOa:BemTLkNdfE0pZr3

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4900f1f7b95ea1ecdaf68070a08f6af0.exe

Files

NEAS.4900f1f7b95ea1ecdaf68070a08f6af0.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE