kpot | f7d4271037a835098230a227241d96c0_NEAS | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f7d4271037a835098230a227241d96c0_NEAS
Size

1.9MB
MD5

f7d4271037a835098230a227241d96c0
SHA1

dbe794ea0b9e4fb838f1f09e843da5987cde9535
SHA256

d17fe7d435ebccee818ef9fc5cb8be435d4c0e6b4401441fb7771d6ad8f39dd6
SHA512

7811e2e34abf04a66b154f3f24dfd08675d63c9cffa283bb7a3b3a2aa45a8d1aa39d41938365e177bd340cecf9f3e8adff87df2948b8059dc29b81a840a0f0c4
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6Stnl:BemTLkNdfE0pZrwo

Score

10^/10

miner upx kpot xmrig

Malware Config

Signatures

KPOT Core Executable 1 IoCs

resource	yara_rule
sample	family_kpot

Kpot family
kpot

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7d4271037a835098230a227241d96c0_NEAS

Files

f7d4271037a835098230a227241d96c0_NEAS
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE