xmrig | a23bc23ed2f924cb3462bb3347e75df02ae21b9a9f6ea1e7f652c907d88ef083 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a23bc23ed2f924cb3462bb3347e75df02ae21b9a9f6ea1e7f652c907d88ef083
Size

3.2MB
MD5

558e3b36237104106c7e821e286c14f3
SHA1

c1b3313d7e5448597a8334c29e179470fe71b1fa
SHA256

a23bc23ed2f924cb3462bb3347e75df02ae21b9a9f6ea1e7f652c907d88ef083
SHA512

6c50fdc04f7da96b542ec4bc0e6e3a2fe3fa6ca8520fa2965c588c98293f63558f857be5a368800fd55116a7e76204d9018105e4a787e833fd6e454ee123e5b9
SSDEEP

98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWV:7bBeSFkR

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a23bc23ed2f924cb3462bb3347e75df02ae21b9a9f6ea1e7f652c907d88ef083

Files

a23bc23ed2f924cb3462bb3347e75df02ae21b9a9f6ea1e7f652c907d88ef083
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE