xmrig | 067bb695f54df9843b01ec04fcf64d1a9ec35499318c3a62d6b634507884bdb6 | Triage

Sharing

General

Target

067bb695f54df9843b01ec04fcf64d1a9ec35499318c3a62d6b634507884bdb6
Size

1.9MB
MD5

4b225cfd79f9ad75fe798349606c4822
SHA1

39343c0df47dbed80d6ae8bb4c18493f85f02325
SHA256

067bb695f54df9843b01ec04fcf64d1a9ec35499318c3a62d6b634507884bdb6
SHA512

9ca2b61f67f2a1891f902414af7011e17a880352c04c2f4fe609ec71ed417e3143fc15bc51c618e8885d09a5934d82bea95de8c16d915c3380c3477034560c09
SSDEEP

49152:sGUzr9GOWh50kC1/dVFdNaeUE3LqW1T/f5iBA9R86DHVVzP7ffQmSv:sG6r9GOWPClFdNaeUE3LqW1T/f5iBA90

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
067bb695f54df9843b01ec04fcf64d1a9ec35499318c3a62d6b634507884bdb6

Files

067bb695f54df9843b01ec04fcf64d1a9ec35499318c3a62d6b634507884bdb6
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE