xmrig | 7b6b5ae267da7f27b662afe8bdd208b0N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7b6b5ae267da7f27b662afe8bdd208b0N.exe
Size

1.6MB
MD5

7b6b5ae267da7f27b662afe8bdd208b0
SHA1

701435a9d4a914cb61c991e4320bbfb1eed16a39
SHA256

bd88b5382602991aaa694efb37db9c4277ed9c854e18881ac7e731067457c2ab
SHA512

66bf44bd572926dededf49036fa00dc88813036f9156db5c862e9f4bcd6af24271dc93c9970fc148f081bf801510f272e5eb560b9f2b4fe89fc7af215bdf57b2
SSDEEP

24576:BezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbEwlKjpv3Q7W8QaBClMnhaXs:BezaTF8FcNkNdfE0pZ9ozt4wICb5Vb

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b6b5ae267da7f27b662afe8bdd208b0N.exe

Files

7b6b5ae267da7f27b662afe8bdd208b0N.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE