General

  • Target

    aee63434c69573f5b4a5658590004af0_NeikiAnalytics.exe

  • Size

    1.7MB

  • Sample

    240614-jtjgqs1ekg

  • MD5

    aee63434c69573f5b4a5658590004af0

  • SHA1

    cc313301ed9dc1906cd25a30c85c53428dca92a2

  • SHA256

    864864d0c038650b3f44a280a69c77e769988cc9b8d2a8c8cfb117b5ccc01b36

  • SHA512

    1ee54c8539670b5c33a6359b2d9b0e6afb59a0d40ad419ab82d85f3d6f3c21a29e24b780511c2e760d30788f4e2ce5f5e9445b5dfb8ee3677a0d0eb2e9948ba8

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkipctp++Ft4mzS1jRtbpDYNetZrBXADo1fRb7BTauo:Lz071uv4BPMkiqtI+ijRzY8GwR/BGF

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks