General

  • Target

    e709250c347d9eaa07e376d95d33d9b0_NeikiAnalytics.exe

  • Size

    1.6MB

  • Sample

    240527-tcf1dsaf45

  • MD5

    e709250c347d9eaa07e376d95d33d9b0

  • SHA1

    0c28efee0f0c40961bd1ad35ac44ace7787caff4

  • SHA256

    e48140aa8ecb53be05461f5d4be5323a86a85073a064665af8f3758c30a535db

  • SHA512

    9e49164bf2a377c06a7b1f4d5f9d3e7f722402b2839d5f084d0b15ffcbe24a03d0ac133becc612bcd011627349e38948640d1e2d808d8e4997e3d922adc20dbe

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Qk7SW7r+kQQ7dXQARBa5e0ag2K0hvL79:Lz071uv4BPMkyW10/wKV7hjSe05c2Q

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner. It is legitimate software in itself; here it is delivered as a payload by the analyzed sample, i.e. the mining is unauthorized.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest observed, i.e. a download cradle fetching content over the network.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of UPX, the open-source packer.

    • Legitimate hosting services abused for malware hosting/C2
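The "UPX packed file" signature above stands for a static check that a triage analyst can reproduce locally before detonating anything. The following Python script is an added example written for this page, not the sandbox's own detection rule: it computes the four hashes the report lists (so a file on disk can be confirmed to be this sample), parses the PE section table by hand with only the standard library, and reports the well-known UPX indicators (UPX0/UPX1 section names and the "UPX!" marker). The layout heuristic for modified UPX builds, the HIGH_ENTROPY threshold and the in-memory PE it analyses by default are assumptions constructed for the example, not data taken from the report.

```python
"""Static triage of a PE: the report's hash set plus a UPX-packing check.

Added example for this report, not the sandbox's own signature logic.
Standard library only; the PE it analyses by default is constructed in
memory (see build_fake_upx_pe) and is not the reported sample.
"""
import hashlib
import math
import random
import struct
import sys

SECTION_ENTRY = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes
HIGH_ENTROPY = 7.0  # bits/byte (assumed threshold); compressed data sits close to 8


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 hex digests, the set the report lists."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def shannon_entropy(buf: bytes) -> float:
    if not buf:
        return 0.0
    n = len(buf)
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    out = []
    for i in range(num_sections):
        (name, vsize, _vaddr, raw_size, raw_ptr, _r, _l, _nr, _nl,
         chars) = SECTION_ENTRY.unpack_from(data, table + i * SECTION_ENTRY.size)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        out.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                    "virtual_size": vsize, "raw_size": raw_size,
                    "entropy": round(shannon_entropy(raw), 2),
                    "executable": bool(chars & 0x20000000)})  # IMAGE_SCN_MEM_EXECUTE
    return out


def upx_verdict(data: bytes) -> dict:
    """Indicators behind a 'UPX packed file' verdict, stock or modified build."""
    secs = pe_sections(data)
    names = [s["name"] for s in secs]
    stock_names = any(n.startswith("UPX") for n in names)  # UPX0/UPX1/UPX2
    marker = b"UPX!" in data                                # magic UPX writes into the packed file
    # Heuristic (assumption) for modified builds that rename sections and patch
    # the marker: the layout survives, i.e. an empty first section that receives
    # the unpacked image at run time, followed by an executable, high-entropy
    # section carrying the compressed image.
    layout = (len(secs) >= 2 and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0
              and secs[1]["executable"] and secs[1]["entropy"] >= HIGH_ENTROPY)
    return {"sections": names, "stock_names": stock_names, "marker": marker,
            "packed_layout": layout, "upx_packed": stock_names or marker or layout}


def build_fake_upx_pe() -> bytes:
    """Constructed minimal PE32 laid out like a UPX output; not a real binary."""
    rng = random.Random(0xC0FFEE)
    upx1_raw = b"\0" * 4 + b"UPX!" + b"\0" * 4 + rng.randbytes(4096)  # marker + "compressed" data
    rsrc_raw = b"\0" * 512
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                   # e_lfanew
    opt_size = 224                                          # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    hdr_len = 64 + 4 + 20 + opt_size + 3 * SECTION_ENTRY.size
    upx1_ptr = (hdr_len + 0x1FF) & ~0x1FF                   # FileAlignment 0x200
    rsrc_ptr = upx1_ptr + ((len(upx1_raw) + 0x1FF) & ~0x1FF)
    rwx = 0xE0000000
    table = (SECTION_ENTRY.pack(b"UPX0", 0x10000, 0x1000, 0, 0, 0, 0, 0, 0, rwx | 0x80)
             + SECTION_ENTRY.pack(b"UPX1", 0x2000, 0x11000, len(upx1_raw), upx1_ptr, 0, 0, 0, 0, rwx | 0x40)
             + SECTION_ENTRY.pack(b".rsrc", 0x200, 0x13000, len(rsrc_raw), rsrc_ptr, 0, 0, 0, 0, 0xC0000040))
    img = bytearray(dos + b"PE\0\0" + coff + opt + table)
    img += b"\0" * (upx1_ptr - len(img)) + upx1_raw
    img += b"\0" * (rsrc_ptr - len(img)) + rsrc_raw
    return bytes(img)


if __name__ == "__main__":
    # Pass a file path to triage a real sample; otherwise use the constructed PE.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_upx_pe()
    print(hashes(blob))
    print(upx_verdict(blob))
```

Run it as `python triage.py sample.exe` and compare the printed digests with the General section above before trusting that a local file is the analyzed sample; a positive `upx_packed` with `stock_names` false and `marker` false means only the layout heuristic fired, which should be confirmed by other means (for instance by attempting `upx -d`) rather than treated as proof.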

MITRE ATT&CK Enterprise v15

Tasks