xmrig | 26e0bf900b6849e881996aeb4ae9cea0_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26e0bf900b6849e881996aeb4ae9cea0_NeikiAnalytics.exe
Size

2.0MB
MD5

26e0bf900b6849e881996aeb4ae9cea0
SHA1

7b5fdd42be467440589fe531f23e1e1b9d47f308
SHA256

533ed12c2a90373e55e865bff5963ebe40d91799aae08d0b2f1a30b360851b9b
SHA512

116729ced750ab21d9896ab0f1e2a70cd8d19eda157ccc2c70b234034509edd586cc1347e7314cba45637fbb9fc651b016a6c16269d9d34ddec251e83ebe71fb
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+AKavC2csKyoK:BemTLkNdfE0pZrQ

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26e0bf900b6849e881996aeb4ae9cea0_NeikiAnalytics.exe

Files

26e0bf900b6849e881996aeb4ae9cea0_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE