General

  • Target

    b09728c26e763ce9d8616978b3efe700_NeikiAnalytics

  • Size

    2.5MB

  • Sample

    240513-lz7smahd2s

  • MD5

    b09728c26e763ce9d8616978b3efe700

  • SHA1

    413aaf5bd4790cfd8b7abd79db7689c8ffa892da

  • SHA256

    15f43c6d3d723972252142d54f6886b6dd7873b43b2ae228baaf34b1899089cb

  • SHA512

    85e60621e20f01e4620751042cf780c4c58b97b28cdd74da4ad3d4f170bdfa3bd0d171b610368810c5ad29bcdd8be8edd8dadc5727f891258babfdbac16faf8c

  • SSDEEP

    49152:yUBCLGKxRX3XYHS8wVnn7uF2cp0Y2jd7VTS16nk/P/KjriLf/fdF:hsLG2XYHr4nO2cN8d6MQPSjrInfdF

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Creates new service(s)

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks