Overview

overview

10

Static

static

10

dfbec9d123...cs.exe

windows7-x64

10

dfbec9d123...cs.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    dfbec9d1233eca4c7a3048cc7ecbbe30_NeikiAnalytics

  • Size

    2.8MB

  • Sample

    240510-plwpzshe67

  • MD5

    dfbec9d1233eca4c7a3048cc7ecbbe30

  • SHA1

    4d80858a1a4e6f952484516b41cdad7fa73af068

  • SHA256

    42a55cbe4ae1a8a7d136de53c5c23dc44585c9656fad87abf2a45ee004a6e63a

  • SHA512

    171da60a4fd92c4eecccba17f4d06718a23fa234cfc64a0d1a8e76d1db1dfa1f290892ba5316a08a211c47f35617f167f7e06df75802ca059a7c809a61510c08

  • SSDEEP

    49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdk2auTK4H:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RM

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      dfbec9d1233eca4c7a3048cc7ecbbe30_NeikiAnalytics

    • Size

      2.8MB

    • MD5

      dfbec9d1233eca4c7a3048cc7ecbbe30

    • SHA1

      4d80858a1a4e6f952484516b41cdad7fa73af068

    • SHA256

      42a55cbe4ae1a8a7d136de53c5c23dc44585c9656fad87abf2a45ee004a6e63a

    • SHA512

      171da60a4fd92c4eecccba17f4d06718a23fa234cfc64a0d1a8e76d1db1dfa1f290892ba5316a08a211c47f35617f167f7e06df75802ca059a7c809a61510c08

    • SSDEEP

      49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdk2auTK4H:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RM

    Score
    10/10
    xmrigexecutionminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks