General

  • Target

    8ffe0cea1ed65b2135222dca98a8bc80_NeikiAnalytics.exe

  • Size

    2.9MB

  • Sample

    240525-n69lxagh2z

  • MD5

    8ffe0cea1ed65b2135222dca98a8bc80

  • SHA1

    f689320fa713e83b9886272636840d74cd005b08

  • SHA256

    25c2db966cce3c64e497c7e50211a56559712bddf1fdd8977b95903d64547bd8

  • SHA512

    12d8cd54f83a93a4795d3de63dddea8fab221ed55d912a03561da0390a4d878b3c748558dc9850198e1be624674a0134de84d9340898bf27ff05c046363ab246

  • SSDEEP

    49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdg6NsNtJVSuY:71ONtyBeSFkXV1etEKLlWUTOfeiRA2RO

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks