xmrig | 1f53f1d2d613ac448b48474e81458969209defbd289c4ab0de3cf837d7ad3d51[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f53f1d2d613ac448b48474e81458969209defbd289c4ab0de3cf837d7ad3d51.exe
Size

2.5MB
MD5

415a806700959301d233cd1ad0faba30
SHA1

fdefbf6f2d7074b725d5cd5aac4f7b7904d5fc42
SHA256

1f53f1d2d613ac448b48474e81458969209defbd289c4ab0de3cf837d7ad3d51
SHA512

254882249a440d5477ebd5c21aff2a22eb1015bfd4dbb682b08b09e4c674cf8201e496fbd23943ca4b0c014144892f9da2a82fd66b812657f185d2d04beb50b3
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQlqOdgWqnSIqdtqTG:oemTLkNdfE0pZrQP

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f53f1d2d613ac448b48474e81458969209defbd289c4ab0de3cf837d7ad3d51.exe

Files

1f53f1d2d613ac448b48474e81458969209defbd289c4ab0de3cf837d7ad3d51.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE