General

  • Target

    a683f7ebafa6a45ab5cd585312d06e40_NeikiAnalytics.exe

  • Size

    3.4MB

  • Sample

    240523-y51mqafb24

  • MD5

    a683f7ebafa6a45ab5cd585312d06e40

  • SHA1

    0dc20b26ab53fe5d1565a8c091c1ffec5a8a9be1

  • SHA256

    4c115638322547b809463e450a441b159cba2418064cee83fdb9de0ef7685641

  • SHA512

    a132568034143006b23a681f95bf003cc708c0e5695736afa657f54aec4377c6ded010faf94153fb4a18426f8ced6a9cbed4f38c121396ca0241d72c57df95af

  • SSDEEP

    98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWK:SbBeSFk2

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks