xmrig | 8233a958f2233f8afd3c5390d9ca2940_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8233a958f2233f8afd3c5390d9ca2940_NeikiAnalytics.exe
Size

2.0MB
MD5

8233a958f2233f8afd3c5390d9ca2940
SHA1

26aa73579c0444a9be4989b0182a2681d48651ba
SHA256

8a1e5e1ddcf2e0e8f683d20a30b4c462bbb9dcc9f30fe2c6e72d046348f2f900
SHA512

1a1a82edd723867ae3443405cf4733e2cab54f967b281b1df2fd5cb10711d905f8e1047c35f7ce7732578bfc3dd1a9e2b1f127a5e950053ce010a867d392436a
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIaHs1PTma87NY9:BemTLkNdfE0pZrX

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8233a958f2233f8afd3c5390d9ca2940_NeikiAnalytics.exe

Files

8233a958f2233f8afd3c5390d9ca2940_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE