General

  • Target

    55f7e2743efb9f576b95adfb04dd6090_NeikiAnalytics.exe

  • Size

    1.5MB

  • Sample

    240525-sz14eahb5y

  • MD5

    55f7e2743efb9f576b95adfb04dd6090

  • SHA1

    d44f994be6a9760fc34aa251ce136d074ad7b63d

  • SHA256

    54e8aebd111476d7ceb40061bbc62eb2545405ba5fbd4a31378d20dad9d551e8

  • SHA512

    6562ba0e76430b94ddbab7b85a78e44155368fd0c7affac8ab9e9ec41f5bc5ae6760522630717a2e171f21f1ad13838684fcf0b21f3a5d83d3bfaea6281eddac

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkipfzaCtNcQcAupQF4g6FNGzM2qAZO:Lz071uv4BPMki8CnfZFZzMB

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks