General

  • Target

    0e1b483a2248e0a36604a43aa5a3ab60_NeikiAnalytics.exe

  • Size

    3.6MB

  • Sample

    240527-xm2lmaeb8z

  • MD5

    0e1b483a2248e0a36604a43aa5a3ab60

  • SHA1

    a8fbfc58dbcab514759d43135b44e05fb0f5186b

  • SHA256

    f4859a0181e8921598fa25af63c559d3056d21712d147323dddb1962f2026a5b

  • SHA512

    c96bc9decd7ace65adcd4b59a97602ed9c647396cffa4f6b0810e13eaa119dbd199bdad2f6e497a10c631105c9d962d5a07dce29f34344711ff2e9b7c2616c7b

  • SSDEEP

    98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWb:7bBeSFkH

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX (or a modified UPX) open-source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks