xmrig | HEUR-Trojan[.]Win32[.]Miner[.]pef-17ef0b092c6d9a25aa8fe46085b2687c5f0b0782639b2b57d27e9e0b659f5d8b

General

Target

HEUR-Trojan.Win32.Miner.pef-17ef0b092c6d9a25aa8fe46085b2687c5f0b0782639b2b57d27e9e0b659f5d8b
Size

3.3MB
MD5

39a075cb2483ca0c6154baa0f72fae6c
SHA1

8da4f699470889ba475d1e961fe0331f36178e27
SHA256

17ef0b092c6d9a25aa8fe46085b2687c5f0b0782639b2b57d27e9e0b659f5d8b
SHA512

223712381bfa8c0aa6494ee6248a447f53c8f279766a85b3cf8851b177078f226d3e05a90d5844722d14c8b44d74267cae14f474664c05b9a6c532b2923f71ab
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrW9:SbBeSFk5

Score

10^/10

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
sample	xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.Miner.pef-17ef0b092c6d9a25aa8fe46085b2687c5f0b0782639b2b57d27e9e0b659f5d8b