Overview

overview

10

Static

static

10

4d9144ac09...cs.exe

windows7-x64

10

4d9144ac09...cs.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    4d9144ac0931e0d8548fc83e7f9d9f30_NeikiAnalytics

  • Size

    3.2MB

  • Sample

    240510-cyynwsdg41

  • MD5

    4d9144ac0931e0d8548fc83e7f9d9f30

  • SHA1

    a97a2bd15e80984f3ef4445ed6d768d1cc1148d6

  • SHA256

    f9b41ddbee08f4f54c47cf626508f08e66af9a09bde29c5fba06a4ddffee868c

  • SHA512

    f8a078786a3314386a5170c7e5f89cb3d91d9322b1a1e9a4756e5f0d68cbed952bbdbcb366c789d2f104d45bf0f4f1561df59a7fe40be851567e90e7d4bf9b06

  • SSDEEP

    98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWY:SbBeSFk8

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      4d9144ac0931e0d8548fc83e7f9d9f30_NeikiAnalytics

    • Size

      3.2MB

    • MD5

      4d9144ac0931e0d8548fc83e7f9d9f30

    • SHA1

      a97a2bd15e80984f3ef4445ed6d768d1cc1148d6

    • SHA256

      f9b41ddbee08f4f54c47cf626508f08e66af9a09bde29c5fba06a4ddffee868c

    • SHA512

      f8a078786a3314386a5170c7e5f89cb3d91d9322b1a1e9a4756e5f0d68cbed952bbdbcb366c789d2f104d45bf0f4f1561df59a7fe40be851567e90e7d4bf9b06

    • SSDEEP

      98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWY:SbBeSFk8

    Score
    10/10
    xmrigexecutionminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks