General

  • Target

    442f09b1a15cedb7f5b050150248f170_NeikiAnalytics.exe

  • Size

    1.7MB

  • Sample

    240618-pg7xfsxdlj

  • MD5

    442f09b1a15cedb7f5b050150248f170

  • SHA1

    994d2a69822b961bbf3ca0a83a8f3b06111ca885

  • SHA256

    0f0bebd1538bfa8d876364196bab720dc9c80d5101c7eb0148162740b0182412

  • SHA512

    9e724afb370a56e49d7c6295db0636268d8dbebe552282e42aa3505d16573c72a1866f69eb45d4b5d2828e61eefae0b9c89445b250999230939b8f89453aa0bd

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkipfzaCtNcQcAupaXHeY5HmsoKTQXvaW9Rcps9kdiU:Lz071uv4BPMki8CnfLv3zQXtTET9

Malware Config

Targets

    • Target

      442f09b1a15cedb7f5b050150248f170_NeikiAnalytics.exe

    • Size

      1.7MB

    • MD5

      442f09b1a15cedb7f5b050150248f170

    • SHA1

      994d2a69822b961bbf3ca0a83a8f3b06111ca885

    • SHA256

      0f0bebd1538bfa8d876364196bab720dc9c80d5101c7eb0148162740b0182412

    • SHA512

      9e724afb370a56e49d7c6295db0636268d8dbebe552282e42aa3505d16573c72a1866f69eb45d4b5d2828e61eefae0b9c89445b250999230939b8f89453aa0bd

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkipfzaCtNcQcAupaXHeY5HmsoKTQXvaW9Rcps9kdiU:Lz071uv4BPMki8CnfLv3zQXtTET9

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Command and Scripting Interpreter (T1059): 1
      PowerShell (T1059.001): 1

  • Persistence

    Event Triggered Execution (T1546): 1
      Accessibility Features (T1546.008): 1

  • Privilege Escalation

    Event Triggered Execution (T1546): 1
      Accessibility Features (T1546.008): 1

Tasks