General

  • Target

    9660c53cf103a3a26f2238ff5a0d6c60_NeikiAnalytics.exe

  • Size

    2.9MB

  • Sample

    240518-f1axdsde97

  • MD5

    9660c53cf103a3a26f2238ff5a0d6c60

  • SHA1

    bd87c8f113781158af1679e65ad1332a8d49d064

  • SHA256

    873101bd860f24b6c62365131dfa85c2454a555229132f7a82b13c1faa6323f3

  • SHA512

    9ca1eb5bb636ebb056d91d66617c801604ea6cfdaa10708342d4abd56a70a584cc4c5680cee3d768bfab13458337a3cfd28daa73b5177d67ea3160bbc8364c33

  • SSDEEP

    49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IaSEzQR4ZcD:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R9

Malware Config

Targets

    • Target

      9660c53cf103a3a26f2238ff5a0d6c60_NeikiAnalytics.exe

    • Size

      2.9MB

    • MD5

      9660c53cf103a3a26f2238ff5a0d6c60

    • SHA1

      bd87c8f113781158af1679e65ad1332a8d49d064

    • SHA256

      873101bd860f24b6c62365131dfa85c2454a555229132f7a82b13c1faa6323f3

    • SHA512

      9ca1eb5bb636ebb056d91d66617c801604ea6cfdaa10708342d4abd56a70a584cc4c5680cee3d768bfab13458337a3cfd28daa73b5177d67ea3160bbc8364c33

    • SSDEEP

      49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IaSEzQR4ZcD:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R9

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks