Overview

overview

10

Static

static

10

3f01f52ed8...cs.exe

windows7-x64

10

3f01f52ed8...cs.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    3f01f52ed81b432c603a3beefcf1fee0_NeikiAnalytics.exe

  • Size

    1.5MB

  • Sample

    240605-f2xsjsfc3s

  • MD5

    3f01f52ed81b432c603a3beefcf1fee0

  • SHA1

    18188c902e6638cb09fa28fc1faa97071560b996

  • SHA256

    d44676c93256c4fdf2857cdb5100f1f1ccb534293a6fbb1dd1b76bb8bc238a23

  • SHA512

    47ff4a44ee62af36a3bb1fafcb11c853fae63068ce85413e260919a4e62f5cb1f1354ae69aff972e1babc11421690b9bf9d6d91cb5aaf2a01634dc8c0dcb76c1

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjhnXwx8/2Pbx/mbqoBQ0Y9xFj+rg:Lz071uv4BPMkHC0IlnASEx/mY9H+8

Score
10/10
xmrigexecutionminerupx

Malware Config

Targets

    • Target

      3f01f52ed81b432c603a3beefcf1fee0_NeikiAnalytics.exe

    • Size

      1.5MB

    • MD5

      3f01f52ed81b432c603a3beefcf1fee0

    • SHA1

      18188c902e6638cb09fa28fc1faa97071560b996

    • SHA256

      d44676c93256c4fdf2857cdb5100f1f1ccb534293a6fbb1dd1b76bb8bc238a23

    • SHA512

      47ff4a44ee62af36a3bb1fafcb11c853fae63068ce85413e260919a4e62f5cb1f1354ae69aff972e1babc11421690b9bf9d6d91cb5aaf2a01634dc8c0dcb76c1

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjhnXwx8/2Pbx/mbqoBQ0Y9xFj+rg:Lz071uv4BPMkHC0IlnASEx/mY9H+8

    Score
    10/10
    xmrigexecutionminerupx

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks