xmrig | 56687ff141ab96c102ee7a3dc0a4afe0_NEAS | Triage

Sharing

General

Target

56687ff141ab96c102ee7a3dc0a4afe0_NEAS
Size

2.2MB
MD5

56687ff141ab96c102ee7a3dc0a4afe0
SHA1

e0a0fab0c0a4dd92be60ad3d62d7a8b7b2f1572c
SHA256

fdd8d4cc63b859609fa6f6bf4740ad13a904d2226ac4cfe4b2ba1b9d5e6cd42d
SHA512

b0ea3951c3a180a4726865d47f3d24b9ea4f76d3e6f7c37b79cef217f150a7eebe5b19e0afdf76a6cd64bc1df8b1a6bdc8814e56a3dff071d5bbb8a0f6fab1ba
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQlqOdgWqDpp8:BemTLkNdfE0pZrQN

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56687ff141ab96c102ee7a3dc0a4afe0_NEAS

Files

56687ff141ab96c102ee7a3dc0a4afe0_NEAS
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE