xmrig | 5b97bb2af2a0977de01f5190bf72be355bb4e5beddc7628baf7da2eac099bb84_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b97bb2af2a0977de01f5190bf72be355bb4e5beddc7628baf7da2eac099bb84_NeikiAnalytics.exe
Size

3.3MB
MD5

0723813ebc31e505570d2e52fe4c7b90
SHA1

c3aeea27df95f2f5df0073e8e84675eb688510f4
SHA256

5b97bb2af2a0977de01f5190bf72be355bb4e5beddc7628baf7da2eac099bb84
SHA512

6158d875618840b86472a3ddd53ff795b9071646245ab609f65006c55784433b6155ef5cb0dbe27d3c25cf4fde0857a75719cc62e3dddb6e8c93c99e2a6fe22c
SSDEEP

98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWA:7bBeSFkM

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b97bb2af2a0977de01f5190bf72be355bb4e5beddc7628baf7da2eac099bb84_NeikiAnalytics.exe

Files

5b97bb2af2a0977de01f5190bf72be355bb4e5beddc7628baf7da2eac099bb84_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE