General

  • Target

    466ee8d7c7a168e725861c0d143c24b0_NeikiAnalytics.exe

  • Size

    1.6MB

  • Sample

    240525-r8bz7sgf89

  • MD5

    466ee8d7c7a168e725861c0d143c24b0

  • SHA1

    05b61451d4fa0a33e3a10231f7a816d36b30884f

  • SHA256

    8e97042bfc67f83cf06c5c4adb8f020d87be3ce491abf700cc2ca7dfaeb97f44

  • SHA512

    10326e374550681b505a7c14f9470ef3da4fae35aaf59e1be3f008c6ef0dd79dc056c788238ecf7b746ee792b4d12b3ac3710360abf1abc712a38c4708fa1b94

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5NnNvZWNChZ7fI+BJBxyODsbJEF:Lz071uv4BPMkyW10/w16BvZXBCurms

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX (or a modified UPX) open-source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks