Behavioral task
behavioral1
Sample
b3247d18021d789a9bbe190140a1374de78e02b4e43bbb5c58b8e9897ac2d2b9.exe
Resource
win7-20240215-en
General
-
Target
b3247d18021d789a9bbe190140a1374de78e02b4e43bbb5c58b8e9897ac2d2b9
-
Size
1.8MB
-
MD5
7b16aa1b96812f72b73b8d5548080547
-
SHA1
5a6752a08e0cc98935804ffcb0400c327d61daf0
-
SHA256
b3247d18021d789a9bbe190140a1374de78e02b4e43bbb5c58b8e9897ac2d2b9
-
SHA512
bd182c06aca3da7149b14525f7d1c94c633cc2e2b6bcdf0927b3053cd3251c4964cf3c04334b0f1c15b78d4f8f494d72fde921c7d40a9ef25c77a784daa4f03d
-
SSDEEP
24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWY1s38kQu12bPxvyuzaBgJ9pcFts:Lz071uv4BPMkibTIA5I4TNrpDGgDQ9vS
Malware Config
Signatures
-
Detects executables containing URLs to raw contents of a Github gist 1 IoCs
resource yara_rule static1/unpack001/out.upx INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL -
UPX dump on OEP (original entry point) 1 IoCs
resource yara_rule sample UPX -
XMRig Miner payload 1 IoCs
resource yara_rule static1/unpack001/out.upx xmrig -
Xmrig family
-
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource b3247d18021d789a9bbe190140a1374de78e02b4e43bbb5c58b8e9897ac2d2b9 unpack001/out.upx
Files
-
b3247d18021d789a9bbe190140a1374de78e02b4e43bbb5c58b8e9897ac2d2b9.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
UPX0 Size: - Virtual size: 3.4MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 525KB - Virtual size: 528KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 218KB - Virtual size: 217KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_TEXT_CN Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
_TEXT_CN Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ