xmrig | d9ee0a8f63e2b1e3c9de2e77907cabc01c6a2e8c1a1d4898734251349ad6a890[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d9ee0a8f63e2b1e3c9de2e77907cabc01c6a2e8c1a1d4898734251349ad6a890.exe
Size

2.1MB
MD5

d5a42ee9713ca4abb0202abc8d69d3e0
SHA1

855e4222c8d9979e79a371adf7a5a98158d628a2
SHA256

d9ee0a8f63e2b1e3c9de2e77907cabc01c6a2e8c1a1d4898734251349ad6a890
SHA512

7fc73615e3e4ee8e79921f11d8cd910076a371be0d9c27ca0cffc06a550bc429b56488033a95d2ed205c3a82686e64b9971441c52a96438285ae6ebb6334d99c
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXxeHNNPwHEgAmM:BemTLkNdfE0pZrs

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9ee0a8f63e2b1e3c9de2e77907cabc01c6a2e8c1a1d4898734251349ad6a890.exe

Files

d9ee0a8f63e2b1e3c9de2e77907cabc01c6a2e8c1a1d4898734251349ad6a890.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE