Behavioral task
behavioral1
Sample
e2b858b0b40d3d998778e17d00787b10_NeikiAnalytics.exe
Resource
win7-20240221-en
General
-
Target
e2b858b0b40d3d998778e17d00787b10_NeikiAnalytics.exe
-
Size
431KB
-
MD5
e2b858b0b40d3d998778e17d00787b10
-
SHA1
22850999a548a5982a2c145ae74c1a0dc3e42a87
-
SHA256
9db9ff622a13ce2f91f10aaf7ea77bacb045a2350ef93382766166270f3c813a
-
SHA512
71323ac9b182eb077eee63586ab70fa5ffd12f6397adbdde983c95d00477d3fb2f2e952281fcec7f901a876cce50477189f886a45bb5dc8839292f835c63a520
-
SSDEEP
6144:cT5J63Fm3b7yOE7Hvpu5CaGi4mUf95TtC4uP2scqAH:c4Fm3b7yOAHNar4mUf9lJ82scqAH
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
Processes:
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource e2b858b0b40d3d998778e17d00787b10_NeikiAnalytics.exe
Files
-
e2b858b0b40d3d998778e17d00787b10_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 387KB - Virtual size: 386KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE