General

  • Target

    cccb7bf6761cee549ddf758b76b69f90_NeikiAnalytics.exe

  • Size

    1.6MB

  • Sample

    240525-p5y98acg31

  • MD5

    cccb7bf6761cee549ddf758b76b69f90

  • SHA1

    7a3717b2c6dc2b1e99b8393fb72db6c2731634b4

  • SHA256

    ddc69ae3f5ae7f35b78d6e9ce2671cca6b687ddb6bc68d7cf33cd0d9f3004fb4

  • SHA512

    62cde3b817d948abc09017a861333fae6a523497a1718c734508fcca2305ab9ab90fae489541d96b79a2da9251ecf54fa15230e59612b4017fce2986a0a74793

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjuJoz5XdUK6S1uBkr5Gqlfz+y7p9DbhEM:Lz071uv4BPMkHC0I6Gz3N1pHP77l

Malware Config

Targets

    • Target

      cccb7bf6761cee549ddf758b76b69f90_NeikiAnalytics.exe

    • Size

      1.6MB

    • MD5

      cccb7bf6761cee549ddf758b76b69f90

    • SHA1

      7a3717b2c6dc2b1e99b8393fb72db6c2731634b4

    • SHA256

      ddc69ae3f5ae7f35b78d6e9ce2671cca6b687ddb6bc68d7cf33cd0d9f3004fb4

    • SHA512

      62cde3b817d948abc09017a861333fae6a523497a1718c734508fcca2305ab9ab90fae489541d96b79a2da9251ecf54fa15230e59612b4017fce2986a0a74793

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjuJoz5XdUK6S1uBkr5Gqlfz+y7p9DbhEM:Lz071uv4BPMkHC0I6Gz3N1pHP77l

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks