Overview

overview

10

Static

static

10

2379d0afae...cs.exe

windows7-x64

10

2379d0afae...cs.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    2379d0afae86e34508af626525683290_NeikiAnalytics.exe

  • Size

    1.9MB

  • Sample

    240525-pwhk4sbh2y

  • MD5

    2379d0afae86e34508af626525683290

  • SHA1

    661523b5e0b83662e7fb2c7f2f677e156579c0c5

  • SHA256

    60c467b60a8816300eed1601448346999cabd351f61471f9192d30e1e0d1cbd3

  • SHA512

    38e369aeeffe79b04bdcebeeba049c461895426c7c82bbc86ab839eca35ac5b1b67c3e7549489645c32c5ce42cb77352f8cf5e303dace07318785dd2303833bc

  • SSDEEP

    49152:T1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrSax91MkibTIDiH3gPeMW:T1ONtyBeSFkXV1etEKLlWUTOfeiRA2RB

Score
10/10
xmrigexecutionminer

Malware Config

Targets

    • Target

      2379d0afae86e34508af626525683290_NeikiAnalytics.exe

    • Size

      1.9MB

    • MD5

      2379d0afae86e34508af626525683290

    • SHA1

      661523b5e0b83662e7fb2c7f2f677e156579c0c5

    • SHA256

      60c467b60a8816300eed1601448346999cabd351f61471f9192d30e1e0d1cbd3

    • SHA512

      38e369aeeffe79b04bdcebeeba049c461895426c7c82bbc86ab839eca35ac5b1b67c3e7549489645c32c5ce42cb77352f8cf5e303dace07318785dd2303833bc

    • SSDEEP

      49152:T1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrSax91MkibTIDiH3gPeMW:T1ONtyBeSFkXV1etEKLlWUTOfeiRA2RB

    Score
    10/10
    xmrigexecutionminer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks