Extracted

• • Target

    601bcdce53e91668510a0bfd0be470b06f2102cfe10a5fb0d6e3573b2cafcb82_NeikiAnalytics.exe

  • Size

    161KB

  • MD5

    4d23f8e8d6e5754a939f244c0ae20340

  • SHA1

    a9e158c7d655099bc18a11496d30de72cbc64a32

  • SHA256

    601bcdce53e91668510a0bfd0be470b06f2102cfe10a5fb0d6e3573b2cafcb82

  • SHA512

    d2c587089b0e23c7df16b12d073a6bdf3476c4f91080334459f6aa95f202a0fc61a8cb0e7a14e15ead3ee75a4a11dfd9f666435671180b3da50c23baf22ea7ff

  • SSDEEP

    1536:JxqjQ+P04wsmJC/tp9eSFStfFfeeeeeeeeWeeeeeg3Mz8WZp3fh1LCh1G0dz3Mzh:sr85C/bfFStfFTwc5lI1G3wc5lI1Gh

  Score

  10^/10

  neshtaphorphiexevasionloaderpersistencespywarestealertrojanwormxmrigminer

  • Detect Neshta payload

  • Modifies security service

    evasion

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Phorphiex payload

  • Phorphiex, Phorpiex

    Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    wormtrojanloaderphorphiex

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Windows security bypass

    evasiontrojan

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • XMRig Miner payload

    miner

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2