General

  • Target

    038429f5b5f24730d1762419c29fe920_NeikiAnalytics.exe

  • Size

    1.9MB

  • Sample

    240525-wqr1xsch5t

  • MD5

    038429f5b5f24730d1762419c29fe920

  • SHA1

    b0d79a67c943585d41b7d2181104e010fed8c8a8

  • SHA256

    aeb8447adf009b6e6dd065ff66fc43c2b63dabc822a6755be4fa0bcb2d55fa56

  • SHA512

    5c096806f26873a3eb7b0af13e1d78c43c7d179329497fc57da66be9b5d28e4d56283d8d292faa5088eca5d171ee6b653a475001b28d7e42a7930a3ffb62b16e

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5I4TNrpDGfFQafmyG:NABw

Malware Config

Targets

    • Target

      038429f5b5f24730d1762419c29fe920_NeikiAnalytics.exe

    • Size

      1.9MB

    • MD5

      038429f5b5f24730d1762419c29fe920

    • SHA1

      b0d79a67c943585d41b7d2181104e010fed8c8a8

    • SHA256

      aeb8447adf009b6e6dd065ff66fc43c2b63dabc822a6755be4fa0bcb2d55fa56

    • SHA512

      5c096806f26873a3eb7b0af13e1d78c43c7d179329497fc57da66be9b5d28e4d56283d8d292faa5088eca5d171ee6b653a475001b28d7e42a7930a3ffb62b16e

    • SSDEEP

      49152:Lz071uv4BPMkibTIA5I4TNrpDGfFQafmyG:NABw

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks