xmrig | 52b18b53b874e84a91b75c3c89cba220_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

52b18b53b874e84a91b75c3c89cba220_NeikiAnalytics.exe
Size

1.9MB
MD5

52b18b53b874e84a91b75c3c89cba220
SHA1

e61779cb37045a07d66498823a6312e6b3990c59
SHA256

0f968a7a4c1d09cbaa4a66c3792ab5f23ea3a036d716891d4d554ba9122c87b2
SHA512

1051e6881c5e3cc74c36b627b555cc5fcf52a1a25e2b114feb7f8410721d17edfff0773af45a1aec644e9d5345fa74831c699e2b53b5fdd092537170180ce4f7
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQW/zFdDEANW71eTK/:BemTLkNdfE0pZrQ5

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52b18b53b874e84a91b75c3c89cba220_NeikiAnalytics.exe

Files

52b18b53b874e84a91b75c3c89cba220_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE