General

  • Target

    255682250d91faed49c74448e2a14420_NeikiAnalytics.exe

  • Size

    3.0MB

  • Sample

    240612-hglkwstana

  • MD5

    255682250d91faed49c74448e2a14420

  • SHA1

    adf9ebb80d03f70485e12a9da1913c130a0db0a0

  • SHA256

    54377636e256470eb9887a7ec36962c5dec39238fd9904a1130c9653e29c886c

  • SHA512

    f53acb95b1d56353b204c18719fa6aac2cddf6c7dfea20dc9054d56069766e36647da25952d402ec0b26e24fe81ef0295e8d93c2378c8b11766480e913de2666

  • SSDEEP

    98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWD:7bBeSFkn

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks