General

  • Target

    baec9a48619d01c238b616ab64ae1000_NeikiAnalytics.exe

  • Size

    3.2MB

  • Sample

    240518-kslfdace53

  • MD5

    baec9a48619d01c238b616ab64ae1000

  • SHA1

    597ff70eef9e1f3d1963346eb8ea90ebffd0941f

  • SHA256

    9ade3d7b5b80c0aa052d9580041faffe54e23e7d5982716be2a785bf0e48b0d6

  • SHA512

    1bc6b59aabb568e79cf7f24b7620c6a4b0293ccb78bf03a8f85d695cce77b170f88e2854bd0f52ccf30052e5bdc71f6358653bc3ca5ce1b52ad9ae153cc34b67

  • SSDEEP

    98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWI:SbBeSFkk

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks