General

  • Target

    43e8f926e9c5d7c0a7835a0072bd76c0_NeikiAnalytics.exe

  • Size

    1.6MB

  • Sample

    240523-g274ysgb46

  • MD5

    43e8f926e9c5d7c0a7835a0072bd76c0

  • SHA1

    200f88e88eee37c751353a723a651d429ca681e2

  • SHA256

    24b5eff985491cdb566817016a82b5ef2ca2a5e44ef02c29c9d847659148374e

  • SHA512

    117268e9748892c913b3debab7a4fedb0a2a5058267afc75b360aae55c6b1cc61c1a30ea4a899d26fccfe8259f2f59473d1c80ead1f7502536d6bcff95267270

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjuJoz5XdUK6S1uBkr5Gqlfz+y7p9Db06X:Lz071uv4BPMkHC0I6Gz3N1pHP7Ui

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    T1059 Command and Scripting Interpreter (1)
    T1059.001 PowerShell (1)

  • Command and Control

    T1102 Web Service (1)

Tasks