xmrig | 8f7bf36f2d26e5bc9ae512bf853301d0_NEAS | Triage

Sharing

General

Target

8f7bf36f2d26e5bc9ae512bf853301d0_NEAS
Size

1.9MB
MD5

8f7bf36f2d26e5bc9ae512bf853301d0
SHA1

b0d84a4c596611fca0ee77eb8a339a5f6ecb6a24
SHA256

b850f3c571714e4d3d613bba92b97be6960af52c4735f6ffa3f9b5c689d18c67
SHA512

8b5cbcb396540227c8e7baaa963eed51af38cbb69a27c8e0ce431c38d950fc0fe6b6337db4aef2c456e4bf280e0b4877c41c0a109331d2063b321f3aa24e142d
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQwNUQwZe:BemTLkNdfE0pZrQI

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f7bf36f2d26e5bc9ae512bf853301d0_NEAS

Files

8f7bf36f2d26e5bc9ae512bf853301d0_NEAS
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE