Behavioral task
behavioral1
Sample
8869008c29848ad82e7201fb509eed0c15ebc7edc123c765a9dbf55a33417fb4.exe
Resource
win7-20240221-en
General
-
Target
8869008c29848ad82e7201fb509eed0c15ebc7edc123c765a9dbf55a33417fb4
-
Size
3.9MB
-
MD5
d6f7f723c4cbd76d17dbc4e97c8a6d59
-
SHA1
5718b4110551da94ddc6a5933eb727d69669b8fc
-
SHA256
8869008c29848ad82e7201fb509eed0c15ebc7edc123c765a9dbf55a33417fb4
-
SHA512
9a7db9e6737808b38aae274a2f8bef44d186815806a9d52b7bf7ac7b607f9b43b4a428f73266b81197c02d217ccdec065c81b85c4ef58eaa6fb6e1239d02f980
-
SSDEEP
98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWm:SbBeSFkq
Malware Config
Signatures
-
Detects executables containing URLs to raw contents of a Github gist 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL -
UPX dump on OEP (original entry point) 1 IoCs
resource yara_rule sample UPX -
XMRig Miner payload 1 IoCs
resource yara_rule sample xmrig -
Xmrig family
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8869008c29848ad82e7201fb509eed0c15ebc7edc123c765a9dbf55a33417fb4
Files
-
8869008c29848ad82e7201fb509eed0c15ebc7edc123c765a9dbf55a33417fb4.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: 1.3MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 525KB - Virtual size: 528KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE