General

  • Target

    25cbe2fb2a8a0b02f3d4253773df3120_NeikiAnalytics.exe

  • Size

    2.9MB

  • Sample

    240612-hngkhstcmr

  • MD5

    25cbe2fb2a8a0b02f3d4253773df3120

  • SHA1

    7e6d775a1b7ec13854164a15ab1e794949250481

  • SHA256

    b9d9a322f9506555b78aecbdd8a2a42a0129d2b07d91099ce4e6e316af92ebd5

  • SHA512

    1f6dc8b86c9572825670db374da95564d64de4110c8fc2ff8ebd31955ba1c89b2d11e7d13d4d407d42dd5ba668f08cc1b527a52fe3a3697bb41a05c1e24ee5c8

  • SSDEEP

    49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/Riz:71ONtyBeSFkXV1etEKLlWUTOfeiRA2Rt

Malware Config

Targets

    • Target

      25cbe2fb2a8a0b02f3d4253773df3120_NeikiAnalytics.exe

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX (or a modified UPX) open-source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks