kpot | 078b32b57216bbff7729a7591f9df0a0_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

078b32b57216bbff7729a7591f9df0a0_NeikiAnalytics.exe
Size

2.3MB
MD5

078b32b57216bbff7729a7591f9df0a0
SHA1

123de4404d3475d28d7906b6566adaf8f65cf82f
SHA256

47a747c1a6c331fe841b32ac5946a525bd006e2e18847689a41f2fe87c85ebc4
SHA512

3578c7196f5869aaee51a0af232c28e07824a3080b042e44b1d4469b3975988b0b2edcb41b39b80e467e43c7e2c727912f091caabb7b6cf3a67707299eb41dd9
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6SqCPGvTSxA:BemTLkNdfE0pZrw9

Score

10^/10

miner upx kpot xmrig

Malware Config

Signatures

KPOT Core Executable 1 IoCs

resource	yara_rule
sample	family_kpot

Kpot family
kpot

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
078b32b57216bbff7729a7591f9df0a0_NeikiAnalytics.exe

Files

078b32b57216bbff7729a7591f9df0a0_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE