Behavioral task
behavioral1
Sample
e5fb8a629683859b795f6897b6bdb9c446124769116ea13ab3d209f1513bc791.exe
Resource
win7-20240508-en
General
Target
e5fb8a629683859b795f6897b6bdb9c446124769116ea13ab3d209f1513bc791
Size
2.2MB
MD5
6ef4170348996e1e485cbc1c2f7cbd0c
SHA1
ad386f976e3d32bdd93286733ac1243e8032ae71
SHA256
e5fb8a629683859b795f6897b6bdb9c446124769116ea13ab3d209f1513bc791
SHA512
34bf1cd97df91745689076daac9c4c5b1db4906d9e9081d92016440a71e04cba61871a16d4437e143ebec08a9ef5284e4fd52e9dea4096023b0517d8d626f420
SSDEEP
49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Agr6StVEnmcI+2IA68:BemTLkNdfE0pZrwk
Malware Config
Signatures
KPOT Core Executable 1 IoCs
resource yara_rule sample family_kpot -
Kpot family
XMRig Miner payload 1 IoCs
resource yara_rule sample xmrig -
Xmrig family
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e5fb8a629683859b795f6897b6bdb9c446124769116ea13ab3d209f1513bc791
Files
e5fb8a629683859b795f6897b6bdb9c446124769116ea13ab3d209f1513bc791.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: 724KB - Virtual size: 3.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 272KB - Virtual size: 272KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE