Overview

overview

10

Static

static

10

14e2642566...cs.exe

windows7-x64

10

14e2642566...cs.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    14e2642566840a4f476275287c802490_NeikiAnalytics

  • Size

    1.4MB

  • Sample

    240511-szlzgsdf7t

  • MD5

    14e2642566840a4f476275287c802490

  • SHA1

    24c620ace7b0d310456857538ec8573c30820bc6

  • SHA256

    8785153dd7fccba954fd89b14c01aef7ae9381827a11bdf8eb8c260a0e6c2d9c

  • SHA512

    68a186a82665a0aceab914e5790f3b9f5db5729afcf1005c1e5b0f9bceb3b6a87bc38c3a97c95e1d31a30eae601fd96581c80939a68ba9d7b41f32388d7377fc

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsZLHYm2WVg:Lz071uv4BPMkFfdg6NsNtJVg

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      14e2642566840a4f476275287c802490_NeikiAnalytics

    • Size

      1.4MB

    • MD5

      14e2642566840a4f476275287c802490

    • SHA1

      24c620ace7b0d310456857538ec8573c30820bc6

    • SHA256

      8785153dd7fccba954fd89b14c01aef7ae9381827a11bdf8eb8c260a0e6c2d9c

    • SHA512

      68a186a82665a0aceab914e5790f3b9f5db5729afcf1005c1e5b0f9bceb3b6a87bc38c3a97c95e1d31a30eae601fd96581c80939a68ba9d7b41f32388d7377fc

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsZLHYm2WVg:Lz071uv4BPMkFfdg6NsNtJVg

    Score
    10/10
    xmrigexecutionminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks