xmrig | bf8e0f8d70576adfcf31e42b243b2d45cef5d6119f91975d9c934e94efec7859 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf8e0f8d70576adfcf31e42b243b2d45cef5d6119f91975d9c934e94efec7859
Size

1.9MB
MD5

3e6dbc64e45d2a319f545f8f4d36754d
SHA1

2d8f0756a9bd4eabbbe55f651910e69b80c3ba45
SHA256

bf8e0f8d70576adfcf31e42b243b2d45cef5d6119f91975d9c934e94efec7859
SHA512

714ff831bf30b1cdc5952604c3d0dfafc71752c6823315e972ea9d1c3c99815933813566da089295d88015e0731cbe2cfe317011c07711e969afc72bf77bcbdd
SSDEEP

49152:GezaTF8FcNkNdfE0pZ9oztFwI3IUCmbkJf28c2KEShaoe:GemTLkNdfE0pZaC

Score

10^/10

miner xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf8e0f8d70576adfcf31e42b243b2d45cef5d6119f91975d9c934e94efec7859

Files

bf8e0f8d70576adfcf31e42b243b2d45cef5d6119f91975d9c934e94efec7859
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ