General

  • Target

    09106022b00d964416b9fa0c0989c710_NeikiAnalytics.exe

  • Size

    1.4MB

  • Sample

    240526-rvxprahe9s

  • MD5

    09106022b00d964416b9fa0c0989c710

  • SHA1

    332551ba0b9427c551df9208392aeacd4c514c0f

  • SHA256

    2fb0038bc9261239cbd22a693eaf82290559052b29d52e50bcc09f01898e435d

  • SHA512

    d3168e3a8abaff4fc085e78a0109e5f4bbaee22aa754c447b55768468fa3979a51944ea3c796b19f408af069a0eea3b32d1c5c2054344e9f70daa5fac2149eed

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5NnNvZWNChZ7SIslzdvkgQdp:Lz071uv4BPMkyW10/w16BvZ+I8Rv0/

Malware Config

Targets

    • Target

      09106022b00d964416b9fa0c0989c710_NeikiAnalytics.exe

    • Size

      1.4MB

    • MD5

      09106022b00d964416b9fa0c0989c710

    • SHA1

      332551ba0b9427c551df9208392aeacd4c514c0f

    • SHA256

      2fb0038bc9261239cbd22a693eaf82290559052b29d52e50bcc09f01898e435d

    • SHA512

      d3168e3a8abaff4fc085e78a0109e5f4bbaee22aa754c447b55768468fa3979a51944ea3c796b19f408af069a0eea3b32d1c5c2054344e9f70daa5fac2149eed

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5NnNvZWNChZ7SIslzdvkgQdp:Lz071uv4BPMkyW10/w16BvZ+I8Rv0/

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks