xmrig | 22805abe291bcecea95c969406ce0a4329f92120e258053948f8dab38f87c10c | Triage

Sharing

General

Target

22805abe291bcecea95c969406ce0a4329f92120e258053948f8dab38f87c10c
Size

2.8MB
MD5

e09e98b90362e8a84ca8fc7cdcd83905
SHA1

9ed854def046a08ee0dc8cba3dd4ad7996bbec78
SHA256

22805abe291bcecea95c969406ce0a4329f92120e258053948f8dab38f87c10c
SHA512

ae492ff314d3da8e07564cb3449c6e1147a3c959fc67344e9155d17e87608bbf72aeb56c7900258e711c47ec27b754e8c17bbaa2cb22912d912c37ed62df9016
SSDEEP

49152:sfTrF9KM194MNPy1ZbUCWnXnmDLWriwESe1F2uSpk/+zv5l6/KTeOcytZAG+K7XY:aTrR9ZSUDnmDLW+wkXf+zBAMeTV8XY

Score

10^/10

upx miner xmrig

Malware Config

Signatures

XMRig Miner payload 2 IoCs

resource	yara_rule
static1/unpack001/out.upx	xmrig
static1/unpack001/out.upx	family_xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
22805abe291bcecea95c969406ce0a4329f92120e258053948f8dab38f87c10c
unpack001/out.upx

Files

22805abe291bcecea95c969406ce0a4329f92120e258053948f8dab38f87c10c
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 261KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 588KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ