General

  • Target

    918e9bdaf26216f5d36fdefbcd70a180_NeikiAnalytics.exe

  • Size

    1.7MB

  • Sample

    240523-1np6rsaa38

  • MD5

    918e9bdaf26216f5d36fdefbcd70a180

  • SHA1

    d1600bd18b46ece59a63f28d0e58c6d99d8f4369

  • SHA256

    bb2181e2ddeae4e4bddb70a99cbb403a1c10634114c6b9b933eb54a8f2127cee

  • SHA512

    6d8e06c9b05d773b0acf164c7f133ac39b3fc66a7c37017d9cc5cd1875035267f2c407e218f3ca4898f98ec8e1f75c274f34739684f24b3f7b521e5931b3bc96

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5NnNvZWNChZ7K6WefmedkVoMXfy:Lz071uv4BPMkyW10/w16BvZuaXph

Malware Config

Targets

    • Target

      918e9bdaf26216f5d36fdefbcd70a180_NeikiAnalytics.exe

    • Size

      1.7MB

    • MD5

      918e9bdaf26216f5d36fdefbcd70a180

    • SHA1

      d1600bd18b46ece59a63f28d0e58c6d99d8f4369

    • SHA256

      bb2181e2ddeae4e4bddb70a99cbb403a1c10634114c6b9b933eb54a8f2127cee

    • SHA512

      6d8e06c9b05d773b0acf164c7f133ac39b3fc66a7c37017d9cc5cd1875035267f2c407e218f3ca4898f98ec8e1f75c274f34739684f24b3f7b521e5931b3bc96

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5NnNvZWNChZ7K6WefmedkVoMXfy:Lz071uv4BPMkyW10/w16BvZuaXph

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer, including modified UPX builds.

    • Legitimate hosting services abused for malware hosting/C2
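
The hash values and the "UPX packed file" signature listed above can be re-checked locally before the sample is trusted into a case file. The following Python script is an added example and is not part of the sandbox report or its signature engine: it recomputes the MD5/SHA-1/SHA-256/SHA-512 digests of a file and compares them with the values given above, and it parses the PE section table to apply a UPX heuristic of the kind the signature describes (UPX0/UPX1/UPX2 section names or the "UPX!" marker). SSDEEP is omitted because it needs the external ssdeep library. The build_fake_pe helper constructs a minimal, non-executable PE header so the script runs offline; that data is constructed here and is not the analysed sample.

```python
import hashlib
import struct
import sys

# Digests published in the report above; used only as the comparison target.
REPORT_HASHES = {
    "md5": "918e9bdaf26216f5d36fdefbcd70a180",
    "sha1": "d1600bd18b46ece59a63f28d0e58c6d99d8f4369",
    "sha256": "bb2181e2ddeae4e4bddb70a99cbb403a1c10634114c6b9b933eb54a8f2127cee",
    "sha512": "6d8e06c9b05d773b0acf164c7f133ac39b3fc66a7c37017d9cc5cd1875035267"
              "f2c407e218f3ca4898f98ec8e1f75c274f34739684f24b3f7b521e5931b3bc96",
}

# Section names the stock UPX packer writes; a modified UPX may rename them.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def hashes_of(data: bytes) -> dict:
    """Return the hex digests the report lists (SSDEEP omitted: needs the ssdeep library)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every digest in `expected` matches the recomputed value."""
    got = hashes_of(data)
    return all(got[k] == v.lower() for k, v in expected.items())


def pe_section_names(data: bytes) -> list:
    """Parse the PE/COFF section table and return the section names ([] if not a PE)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # COFF file header follows the PE signature
    if coff + 20 > len(data):
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i                 # each IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic for the 'UPX packed file' signature: UPX section names or the 'UPX!' marker."""
    names = set(pe_section_names(data))
    return bool(names & UPX_SECTION_NAMES) or b"UPX!" in data


def build_fake_pe(section_names, opt_size: int = 0) -> bytes:
    """Construct a minimal PE header (constructed test data, not a real or runnable binary)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + sections


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        # No file given: fall back to the constructed header so the script runs offline.
        data = build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("matches report hashes:", matches_report(data))
    print("sections:", pe_section_names(data))
    print("looks UPX packed:", looks_upx_packed(data))
```

Run it as `python check_sample.py <file>` against the downloaded sample; a digest mismatch means the file on disk is not the one the report describes, and a UPX hit is a reason to unpack (for example with `upx -d` on a copy) before static analysis, since a modified UPX may keep the "UPX!" marker while renaming the sections, or the reverse.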

MITRE ATT&CK Enterprise v15

Tasks