General

  • Target

    aaeb8a13c7cc58cb6b55919f6b035ac0_NeikiAnalytics.exe

  • Size

    1.6MB

  • Sample

    240526-mlf87afh86

  • MD5

    aaeb8a13c7cc58cb6b55919f6b035ac0

  • SHA1

    b6b1a6859610ddf8355e8c45ecb593b33bf0351e

  • SHA256

    aabfdd5a7a0ca3c821ebdbe0c6eb7eeb1ea22e5c8b57a80b10489d14979b3e6e

  • SHA512

    dc044b99515850db1a283afaeb93b3fb3e1d4f0a29dbed3ea98757ce2136b281849d869c6ecac759b138377d01b3eff425af97cc73c3519a22483ed3bcd3de5d

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkipfzaCtNcQcAupQF4g6FNGzM2XNJSX:Lz071uv4BPMki8CnfZFZzMuNEX

Targets

    • Target

      aaeb8a13c7cc58cb6b55919f6b035ac0_NeikiAnalytics.exe

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2
