Overview

overview

10

Static

static

10

28c238fb3a...cs.exe

windows7-x64

10

28c238fb3a...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    28c238fb3a9fccd87c80ca70f1985d50_NeikiAnalytics.exe

  • Size

    3.0MB

  • Sample

    240528-akjlpsfd2s

  • MD5

    28c238fb3a9fccd87c80ca70f1985d50

  • SHA1

    2d655b84424475e8493dece0dc10a47ac3be79c7

  • SHA256

    2628a03982a25e146cf52881a9e131a4d49fd81d7c02455b1870ce7e56bc793b

  • SHA512

    7977084221671978ce35bf692864b20a103a3c26cbf44401a64558849f034a8938837ea1b38b445e8b123b1924747bc674d9732f40d5395f7f6bd988be7eaa98

  • SSDEEP

    49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdk2auTqao/c7:71ONtyBeSFkXV1etEKLlWUTOfeiRA2Ry

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      28c238fb3a9fccd87c80ca70f1985d50_NeikiAnalytics.exe

    • Size

      3.0MB

    • MD5

      28c238fb3a9fccd87c80ca70f1985d50

    • SHA1

      2d655b84424475e8493dece0dc10a47ac3be79c7

    • SHA256

      2628a03982a25e146cf52881a9e131a4d49fd81d7c02455b1870ce7e56bc793b

    • SHA512

      7977084221671978ce35bf692864b20a103a3c26cbf44401a64558849f034a8938837ea1b38b445e8b123b1924747bc674d9732f40d5395f7f6bd988be7eaa98

    • SSDEEP

      49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdk2auTqao/c7:71ONtyBeSFkXV1etEKLlWUTOfeiRA2Ry

    Score
    10/10
    xmrigexecutionminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks