Overview

overview

10

Static

static

10

09c52a660c...cs.exe

windows7-x64

10

09c52a660c...cs.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    09c52a660cd13d45ea1803dd6348d250_NeikiAnalytics

  • Size

    1.4MB

  • Sample

    240511-qyp9each83

  • MD5

    09c52a660cd13d45ea1803dd6348d250

  • SHA1

    53fcf1db139550e995b825c4d9fb5ce585855a67

  • SHA256

    f3a0d72858011574c3a443bac50203826847e7d665b6ef84cc893bb39f3401bb

  • SHA512

    cccc1912c8680941dc3c0b7298669230711dfad39eff636fd8ec2254243438823aa32ede8ba113bd235f77fb993c52e8c824bc32ed39aea0b6de2d196a5ec6ca

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjFkTVnfuDPFFWqreoY5VKZ/:Lz071uv4BPMkHC0IEFToC6

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      09c52a660cd13d45ea1803dd6348d250_NeikiAnalytics

    • Size

      1.4MB

    • MD5

      09c52a660cd13d45ea1803dd6348d250

    • SHA1

      53fcf1db139550e995b825c4d9fb5ce585855a67

    • SHA256

      f3a0d72858011574c3a443bac50203826847e7d665b6ef84cc893bb39f3401bb

    • SHA512

      cccc1912c8680941dc3c0b7298669230711dfad39eff636fd8ec2254243438823aa32ede8ba113bd235f77fb993c52e8c824bc32ed39aea0b6de2d196a5ec6ca

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjFkTVnfuDPFFWqreoY5VKZ/:Lz071uv4BPMkHC0IEFToC6

    Score
    10/10
    xmrigexecutionminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks