xmrig | 59c473b2b11d6433749ce3f96ed5beb0_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

59c473b2b11d6433749ce3f96ed5beb0_NeikiAnalytics
Size

2.0MB
MD5

59c473b2b11d6433749ce3f96ed5beb0
SHA1

d2354ebfe33a3118ac68fede8d3cd7371895e510
SHA256

df55dd99b8d7ae1a5927a07c68b0b4cceb5416ecb256623b48ca0fbbdbb2b28e
SHA512

51a7296d0e971c60f90100e64f26067ff788b7fb03635fe148a9e7a784530eacb05c9ebf820e6acf78f225d5b2f1abf210e7363004db00e460d6e6cd6629cea9
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQUUvlhqLr2+W4/B:BemTLkNdfE0pZrQi

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59c473b2b11d6433749ce3f96ed5beb0_NeikiAnalytics

Files

59c473b2b11d6433749ce3f96ed5beb0_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE