kpot | 18d930546d6d94dad5823e3e27f9dc80NeikiAnalytics[.]exe | Triage

Sharing

General

Target

18d930546d6d94dad5823e3e27f9dc80NeikiAnalytics.exe
Size

1.9MB
MD5

18d930546d6d94dad5823e3e27f9dc80
SHA1

499e283a8eec561d866c0609b9d721da5e9a7971
SHA256

dbc6da2ef74ee5d6008a7ef097e91afde52237fb138fc40e508081e5b0e1d71f
SHA512

07b7199feb5c35b274d3034297de1512d828cbeb9e6c101c4d0c04a47e326f45184f6ea94cf2361e110f8017581dade1e93fb61aab97ad4476c41c20b6df7942
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6StVEn0kst:BemTLkNdfE0pZrwg

Score

10^/10

miner upx kpot xmrig

Malware Config

Signatures

KPOT Core Executable 1 IoCs

resource	yara_rule
sample	family_kpot

Kpot family
kpot

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18d930546d6d94dad5823e3e27f9dc80NeikiAnalytics.exe

Files

18d930546d6d94dad5823e3e27f9dc80NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE