xmrig | 60cedbd8e25f19ff5a874847a4c2ce40_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

60cedbd8e25f19ff5a874847a4c2ce40_NeikiAnalytics
Size

1.9MB
MD5

60cedbd8e25f19ff5a874847a4c2ce40
SHA1

7337b30f8f942e718797c7251c8cacbaf5f9ad9f
SHA256

b90de5f98b26ea23e4a7005445f77bcbf486b3485c7025f827af5917dd4fe5b6
SHA512

b4b72c9974a4779a36994c81e0e1620b611985039c0a44af856ce1640885decce1e0faaebb34e1e075ac5466828aa41a3884a38c9d117ddf393cdc4fc743b0f0
SSDEEP

24576:BezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbEwlKjpuzBF6727XL1+KvSjsvZJI:BezaTF8FcNkNdfE0pZ9ozt4wIQHxxWl

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60cedbd8e25f19ff5a874847a4c2ce40_NeikiAnalytics

Files

60cedbd8e25f19ff5a874847a4c2ce40_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE