General

  • Target

    6ae155c6033c065a1d9659439e576870_NeikiAnalytics.exe

  • Size

    1.6MB

  • Sample

    240613-jsdvvszepg

  • MD5

    6ae155c6033c065a1d9659439e576870

  • SHA1

    05fdbfd99d1aa90c78b15a8830042c7a8c529028

  • SHA256

    935d2625479788dd7c3a78a8db8801e51cd5ab196a118fa777fcb34d28434e36

  • SHA512

    3bf6a9374a858a7af1b5ff84edef558cfeba5e03e6e9b74dccdfc2db171b15f5ea358c841656b5a8049198714c2f3975d6db12541904e6c618f708632f66e282

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkipfzaCtNcQcAupaXHeY5HmsoKTQXvaW9Rcps9kdxr:Lz071uv4BPMki8CnfLv3zQXtTEjr

Malware Config

Targets

    • Target

      6ae155c6033c065a1d9659439e576870_NeikiAnalytics.exe

    • Size

      1.6MB

    • MD5

      6ae155c6033c065a1d9659439e576870

    • SHA1

      05fdbfd99d1aa90c78b15a8830042c7a8c529028

    • SHA256

      935d2625479788dd7c3a78a8db8801e51cd5ab196a118fa777fcb34d28434e36

    • SHA512

      3bf6a9374a858a7af1b5ff84edef558cfeba5e03e6e9b74dccdfc2db171b15f5ea358c841656b5a8049198714c2f3975d6db12541904e6c618f708632f66e282

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkipfzaCtNcQcAupaXHeY5HmsoKTQXvaW9Rcps9kdxr:Lz071uv4BPMki8CnfLv3zQXtTEjr

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v13

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Command and Control

Web Service

1
T1102

Tasks