xmrig | NEAS[.]d529e34cb8c0f2dbc6692381ab0f1c20[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d529e34cb8c0f2dbc6692381ab0f1c20.exe
Size

2.6MB
MD5

d529e34cb8c0f2dbc6692381ab0f1c20
SHA1

15ee22e0ee56c6f13b547e4f4c2ff3c5b325e6eb
SHA256

d1936934ef2119fcd4623ea6d14004ec20a1af82f19f9d4e4b1da50e7caaf5f9
SHA512

3f7aa6f5adff1c591c929730793c5adf7fb764d8d8e66b2bbdc40633df312c1ed4956d2b0406c67503db6ee3c2484d0ca4b65c1fa3b8c0fba5836fe85db1d83a
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wINF/Y2jSzUwBJLJ:BemTLkNdfE0pZrU

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d529e34cb8c0f2dbc6692381ab0f1c20.exe

Files

NEAS.d529e34cb8c0f2dbc6692381ab0f1c20.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE