General

  • Target

    c98929d7bf07b666857bef930d167ec0_NeikiAnalytics.exe

  • Size

    1.4MB

  • Sample

    240518-qbq77acg95

  • MD5

    c98929d7bf07b666857bef930d167ec0

  • SHA1

    953ffcbae5acbacd8c58daeb4a336e6469f82727

  • SHA256

    cc1a951cf7c96b04f8dd878ff5a7eaa3cf491222cab2cf04f04c990da3c9f24b

  • SHA512

    162c3ed38a833185416be5e6037b95c81499fa9fa5f5a7468e9603c1f3e4c0cafc3d6205e70e40fca473f68c975ff6c1fb920970278deaaeb4b69193ceaf0ae8

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkipctp++Ft4mzS1jRtbpDYNetZWRGuZ:Lz071uv4BPMkiqtI+ijRzYZGU

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks