xmrig | 017a679cdfbe87919ea1b1b1f0dabe5741e62ff2b545e1f0f97806824d9f999f[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

017a679cdfbe87919ea1b1b1f0dabe5741e62ff2b545e1f0f97806824d9f999f.exe
Size

3.2MB
MD5

1fb2973ee0963d53dc5204fb7add96a0
SHA1

23c3f630755b50b73d9bd91949681dfcb232d988
SHA256

017a679cdfbe87919ea1b1b1f0dabe5741e62ff2b545e1f0f97806824d9f999f
SHA512

8b3778b2c4c78a6d6b4fd29af323dcf5f69b695908d7f8f4d62bdbd29be8a27cce7dc7ebb493c8a94ff5fac6cd01aae9685538914deb1d5b475e787c8a6a666c
SSDEEP

98304:w0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjc40J:wFWPClFkJ

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
017a679cdfbe87919ea1b1b1f0dabe5741e62ff2b545e1f0f97806824d9f999f.exe

Files

017a679cdfbe87919ea1b1b1f0dabe5741e62ff2b545e1f0f97806824d9f999f.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE