xmrig | NEAS[.]38c8e938ef7de9d301001f1b7bc0e470[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.38c8e938ef7de9d301001f1b7bc0e470.exe
Size

1.9MB
MD5

38c8e938ef7de9d301001f1b7bc0e470
SHA1

830326c5d517a14936f84b218caaa1e5f49c415a
SHA256

e4152f9eaa1d437ae11aa0e227bb436d068793f087c3a9564c831e2f3d72e357
SHA512

3291d3f91b0979934407087b839429b8369d81263e552906701b98f02fecbf0ecbcdc753a01d2e84ac8574f501797392f1d44efc082aa8cf057a069b17fe9ad3
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+A8Jh1Aaa3DlF:BemTLkNdfE0pZr8

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.38c8e938ef7de9d301001f1b7bc0e470.exe

Files

NEAS.38c8e938ef7de9d301001f1b7bc0e470.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE