xmrig | f4e3c5c9ea9f44219ba142fe7a3f6c5146d6f9fe4f33bf2e30e806ae1cae9842

General

Target

f4e3c5c9ea9f44219ba142fe7a3f6c5146d6f9fe4f33bf2e30e806ae1cae9842
Size

2.9MB
MD5

5ccc070c0f3bcb444029b69c72baefc4
SHA1

d22c32c6c19235eb3e637ae8eae08a3db1021d45
SHA256

f4e3c5c9ea9f44219ba142fe7a3f6c5146d6f9fe4f33bf2e30e806ae1cae9842
SHA512

7d06041547852d9c1a61ba665b03343f8c6d12915b87d675542ca4f78e3f40d46bd314e7a4b2b595a1928c4bb93f8084b324811e68652a9b8e4c1fa54aefdbb7
SSDEEP

49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdk2auTqao/cu:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R9

Score

10^/10

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
sample	xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4e3c5c9ea9f44219ba142fe7a3f6c5146d6f9fe4f33bf2e30e806ae1cae9842