xmrig | 1cd3c307521bd13f21d8673c281b582ecf1260ad0e6f5b299913cb061ddd2ed6[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1cd3c307521bd13f21d8673c281b582ecf1260ad0e6f5b299913cb061ddd2ed6.exe
Size

2.4MB
MD5

6f66eee36e9eb368c4c07d99b3d428c0
SHA1

fa63b07f24bb5a33e909fae2c588b819e7caf890
SHA256

1cd3c307521bd13f21d8673c281b582ecf1260ad0e6f5b299913cb061ddd2ed6
SHA512

86204c413c7d12b9152b221450bb794d860ab26dd3a6a179b3f5c7633694fa2a4807ecb491442ac25d0743c9bd2da22ddc3ed59d367114c30ceeba2691d80d15
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wISK9NcHQ+rQzaof/:oemTLkNdfE0pZrZ

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1cd3c307521bd13f21d8673c281b582ecf1260ad0e6f5b299913cb061ddd2ed6.exe

Files

1cd3c307521bd13f21d8673c281b582ecf1260ad0e6f5b299913cb061ddd2ed6.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE