xmrig | 24a2ceb0f480c866ad406f58427b57d4803b848200db5d60e4a1c0eeb883db61 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24a2ceb0f480c866ad406f58427b57d4803b848200db5d60e4a1c0eeb883db61
Size

3.2MB
MD5

f81873240f0b4f160c02e13b3b3851f0
SHA1

079cabec472a2acab78bcc1033bdc86664dfa144
SHA256

24a2ceb0f480c866ad406f58427b57d4803b848200db5d60e4a1c0eeb883db61
SHA512

f6bb19cfaa490f496e1a64345f0e74091e3822a5365f58414b5ec55557e66f21846c0198e771ed59d9d93cf57b3fe1308d59a5bcfa400f6784b1443bbf6d5775
SSDEEP

98304:N0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc40O:NFWPClFkO

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24a2ceb0f480c866ad406f58427b57d4803b848200db5d60e4a1c0eeb883db61

Files

24a2ceb0f480c866ad406f58427b57d4803b848200db5d60e4a1c0eeb883db61
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE