General

  • Target

    699d36b4609ce419e48160e6280c8630_NeikiAnalytics.exe

  • Size

    3.2MB

  • Sample

    240613-jd9zrazaqa

  • MD5

    699d36b4609ce419e48160e6280c8630

  • SHA1

    8bf22fdcff0db3e23b9d994e10ba462949dfc0ed

  • SHA256

    dfc312c5b836cb2136c366695db89211d68eddbc0ae6fbf7ff8d0faa85b7dedd

  • SHA512

    b350bc281baed4787b23315326b7607d9a7ab29960d32329cb9a492779f71fc71adeaaf81fff4eafa5e61c30620b623b2bf8a5806bc90e7ccf70bf8c930bf463

  • SSDEEP

    98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWz:7bBeSFkP

Malware Config

Targets

    • Target

      699d36b4609ce419e48160e6280c8630_NeikiAnalytics.exe

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Command and Scripting Interpreter (T1059): 1

    PowerShell (T1059.001): 1

  • Command and Control

    Web Service (T1102): 1

Tasks