kpot | ac9ffc02180aa525d50f30e4cf126330_NeikiAnalytics | Triage

Sharing

General

Target

ac9ffc02180aa525d50f30e4cf126330_NeikiAnalytics
Size

2.2MB
MD5

ac9ffc02180aa525d50f30e4cf126330
SHA1

222f4c2955690a6466763408bc19d4968bb4ef60
SHA256

81d843e5aa1e38f8a9f7e7457048bc0ea5d2f229dab6ad504301dce9c2163150
SHA512

25b4c3b2ad2444ca531a9425c4591a0f2a9af6aed1b6a2c12b82df5b11207cbc949e598c46a1cc36f78f16da61f3667c5118e59b84f20aeedf627aa34e0fedf9
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6StVEnmcKxYDvZThTm:BemTLkNdfE0pZrwK

Score

10^/10

miner upx kpot xmrig

Malware Config

Signatures

KPOT Core Executable 1 IoCs

resource	yara_rule
sample	family_kpot

Kpot family
kpot

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac9ffc02180aa525d50f30e4cf126330_NeikiAnalytics

Files

ac9ffc02180aa525d50f30e4cf126330_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE