Overview

overview

10

Static

static

10

56f907a2cb...cs.exe

windows7-x64

10

56f907a2cb...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    56f907a2cb38b4cef2eef4c279ee7100_NeikiAnalytics.exe

  • Size

    2.0MB

  • Sample

    240522-3dtgjsda4s

  • MD5

    56f907a2cb38b4cef2eef4c279ee7100

  • SHA1

    f2b305d5d3b47db43bf9c6d9d597072081600af5

  • SHA256

    8e29c1033b995c8be7d020116f4d5a30f5f903b0512021b62b5ac7381879b4e0

  • SHA512

    d7411ce886619fff3d36eb88e06ebcc6a5680c995a4f484bcc210f3e7a3c47186554c570369e54d2148fcb2a390e59f8c5ab4e61ba74245683b8aa09818f055c

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5LDGTUDgcGl7yuoUzG:NAB2

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      56f907a2cb38b4cef2eef4c279ee7100_NeikiAnalytics.exe

    • Size

      2.0MB

    • MD5

      56f907a2cb38b4cef2eef4c279ee7100

    • SHA1

      f2b305d5d3b47db43bf9c6d9d597072081600af5

    • SHA256

      8e29c1033b995c8be7d020116f4d5a30f5f903b0512021b62b5ac7381879b4e0

    • SHA512

      d7411ce886619fff3d36eb88e06ebcc6a5680c995a4f484bcc210f3e7a3c47186554c570369e54d2148fcb2a390e59f8c5ab4e61ba74245683b8aa09818f055c

    • SSDEEP

      49152:Lz071uv4BPMkibTIA5LDGTUDgcGl7yuoUzG:NAB2

    Score
    10/10
    xmrigexecutionminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks