General

  • Target

    1a5c6da553d49055818678420dfdc8a0_NeikiAnalytics.exe

  • Size

    1.8MB

  • Sample

    240610-r7719a1aqm

  • MD5

    1a5c6da553d49055818678420dfdc8a0

  • SHA1

    2f4e023235e083e5c285298c74dcb418bbe310a8

  • SHA256

    d098954066e19a2b3a365226217a851ee54709584cdc2cbf880e2a839b2e8235

  • SHA512

    ca9bedc250e94a82e6493741b009154f17069e5d4b9d9b71740a3f9c78044f25bf0d2728b3008b0668dc53db8990d216fb8fa51df46d0ac9526bbab8673bf7ea

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgspmBeQxWCLU0SwVUuDDnve:Lz071uv4BPMkFfdg6NsIRSwV7vm

Malware Config

Targets

    • Target

      1a5c6da553d49055818678420dfdc8a0_NeikiAnalytics.exe

    • Size

      1.8MB

    • MD5

      1a5c6da553d49055818678420dfdc8a0

    • SHA1

      2f4e023235e083e5c285298c74dcb418bbe310a8

    • SHA256

      d098954066e19a2b3a365226217a851ee54709584cdc2cbf880e2a839b2e8235

    • SHA512

      ca9bedc250e94a82e6493741b009154f17069e5d4b9d9b71740a3f9c78044f25bf0d2728b3008b0668dc53db8990d216fb8fa51df46d0ac9526bbab8673bf7ea

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgspmBeQxWCLU0SwVUuDDnve:Lz071uv4BPMkFfdg6NsIRSwV7vm

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks