xmrig | 804a6718b26ce74d596cf01cedfcaf30_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

804a6718b26ce74d596cf01cedfcaf30_NeikiAnalytics.exe
Size

2.2MB
MD5

804a6718b26ce74d596cf01cedfcaf30
SHA1

70b03737d68e24b78c1000fe9ac6cfba2c5a1068
SHA256

e7b752a9fb14c5e6c210e96ba90979a6c116b6851732d443a256c8c207d57847
SHA512

635db0db87f218a4019fe6ff8cd703ac49061d9ae12f0c016a1ab33f8fc312bea4da1e0c8a0f1aa9b9e3dc0712d35707432ace5a95a1ae95ffa5fafeb7105a79
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlMmSd7Df3rR6oustW/:BemTLkNdfE0pZr1

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
804a6718b26ce74d596cf01cedfcaf30_NeikiAnalytics.exe

Files

804a6718b26ce74d596cf01cedfcaf30_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE