xmrig | 21657ead6dd71141b6a3ca3d9a862330N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21657ead6dd71141b6a3ca3d9a862330N.exe
Size

2.5MB
MD5

21657ead6dd71141b6a3ca3d9a862330
SHA1

656efd703e5de557b993977572d126a7c2f8dd1e
SHA256

048247a145509d11274684298cd3c895317fc91f5e11351f95d9f9026b5bbcf5
SHA512

f92485d7f967c73baec14be7c8afd992ca6318808ea49b0eff7379b56e324f448a036e981aa941d848f125f709d0172d0a0dadcd8cd8913c707056b99c123311
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQFD2P6QV8NqMyLEQIU4PA:oemTLkNdfE0pZrQ4

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21657ead6dd71141b6a3ca3d9a862330N.exe

Files

21657ead6dd71141b6a3ca3d9a862330N.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE