xmrig | HEUR-Trojan[.]Win32[.]Miner[.]pef-c9faca577db12dd13c09e24638c488b0da1ae6a41ee568213193e664ab47c643

General

Target

HEUR-Trojan.Win32.Miner.pef-c9faca577db12dd13c09e24638c488b0da1ae6a41ee568213193e664ab47c643
Size

3.1MB
MD5

b0155420f6a5ec19e95719f71e4be2c6
SHA1

4300dff5971141599951e349f6cb72e2f302a9dd
SHA256

c9faca577db12dd13c09e24638c488b0da1ae6a41ee568213193e664ab47c643
SHA512

2350dd207883a6b2e95a55f28d33c68ee591271f54de32cee066341ce32f195bd388b29006de357fec6ac4f750fed5d8e0b2c65340348b19307ed8a73f861d7e
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWH:SbBeSFkT

Score

10^/10

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
sample	xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.Miner.pef-c9faca577db12dd13c09e24638c488b0da1ae6a41ee568213193e664ab47c643