General

  • Target

    a270941a8bdb55c6ffdff32e45a8ae50_NeikiAnalytics.exe

  • Size

    3.3MB

  • Sample

    240603-nz9y4ade3s

  • MD5

    a270941a8bdb55c6ffdff32e45a8ae50

  • SHA1

    033b378345a4c16a27c7d284fd4535d9dce1c78e

  • SHA256

    77917dfb0ffdaa8c878210289e90e919b62e71fa378cb1e43d339dd2f8068d4a

  • SHA512

    72569bca367d4d6a4bd45239a5c88fcf550f8f123ad1adb61ad2022a61272f9db7e766fc565647fdbff571eb473868736ffe20198aaf37881218c23334a85378

  • SSDEEP

    98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrW6:SbBeSFkO

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks