General

  • Target

    1ccac4da2d7e206477d05bde735823e0_NeikiAnalytics.exe

  • Size

    2.9MB

  • Sample

    240527-d3e8saff78

  • MD5

    1ccac4da2d7e206477d05bde735823e0

  • SHA1

    0ab9058af74c01cc102c41f7e147af7f3e49cead

  • SHA256

    f400e25e6358013e91b4b0b0b48215f4547f972c94dbd1c226aef49e3a36224e

  • SHA512

    1edc84fe43f3898492f2d481d88e919f23c4b898bb5b2662ea98339f24b8857e8e84782208614e9f7cf53356320fa87380ecac6fb9caeaeea53f831b01a4bce2

  • SSDEEP

    49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMki8CnfLv3zQXtTx:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RA

Malware Config

Targets

    • Target

      1ccac4da2d7e206477d05bde735823e0_NeikiAnalytics.exe

    • Size

      2.9MB

    • MD5

      1ccac4da2d7e206477d05bde735823e0

    • SHA1

      0ab9058af74c01cc102c41f7e147af7f3e49cead

    • SHA256

      f400e25e6358013e91b4b0b0b48215f4547f972c94dbd1c226aef49e3a36224e

    • SHA512

      1edc84fe43f3898492f2d481d88e919f23c4b898bb5b2662ea98339f24b8857e8e84782208614e9f7cf53356320fa87380ecac6fb9caeaeea53f831b01a4bce2

    • SSDEEP

      49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMki8CnfLv3zQXtTx:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RA

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks