General

  • Target

    25225a177e10ef49fa0b9cad23232410_NeikiAnalytics.exe

  • Size

    3.1MB

  • Sample

    240612-hez1hatajh

  • MD5

    25225a177e10ef49fa0b9cad23232410

  • SHA1

    f26acababc8f2e7adb44cb5679bd7688c5b75f88

  • SHA256

    2586e606cdd2097956b9922e83c0eb917326b6b2b04b37a2f799125c748f05e0

  • SHA512

    143bc1f024709175b5c81e1718b130ea34073d3f541cf3c2772ee460e7f5f01bf85724c45af10eb8277743dcacce0fc92e96e721ed63d79992d04f57c9cdd858

  • SSDEEP

    98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWy:7bBeSFku

Targets

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2
