xmrig | 859a2c6b1760cd2b1ae7258bb3bcc4b0_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

859a2c6b1760cd2b1ae7258bb3bcc4b0_NeikiAnalytics
Size

3.0MB
MD5

859a2c6b1760cd2b1ae7258bb3bcc4b0
SHA1

8b9ddc22e5afa62dd04742eac51b0bbad0d76104
SHA256

21e24fe63f6a789351fc0e073000b4e3f7c309c2cefc88cfb06a3aeb2c81c1ed
SHA512

bdec32bfa6ab30ce5bf47a7c2758785b4b7cb2de4bc111e8cbc66ea48b774b2e9be1eb0e930c6ad476cc8c9a59265bd4cbaa16f2d767a2b4ce9d16e88ce4b2e4
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIM56uL3pgrCEdMKPFotsgE1vLCCChcs:BemTLkNdfE0pZrM56utgpPFotBEi

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
859a2c6b1760cd2b1ae7258bb3bcc4b0_NeikiAnalytics

Files

859a2c6b1760cd2b1ae7258bb3bcc4b0_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE