General

  • Target

    abb26f2eb0cef55f831ec1e46b018e20_NeikiAnalytics.exe

  • Size

    1.8MB

  • Sample

    240614-hyl8razbpd

  • MD5

    abb26f2eb0cef55f831ec1e46b018e20

  • SHA1

    4fcccb6132490bcaa28d45877bdff4201a2588a7

  • SHA256

    65fdf4e994985ea347052456eb1c79aaa155b06df3876cb416b35611eee97c0a

  • SHA512

    29e0a695860a25b9fc7a218bc0f0993763d671b618b050ea2fa06fc8a368ce1bbb24ec5efe22c98cff0ecc23c9dc2bc0d9bba21d1a39ed5bae3f251b5ee220e2

  • SSDEEP

    49152:Lz071uv4BPMkHC0IaSEzQR4iRFlX+IAD5qOkp:NABG

Targets

    • Target

      abb26f2eb0cef55f831ec1e46b018e20_NeikiAnalytics.exe

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2
