Behavioral task
behavioral1
Sample
41c354f1ced98b4a8b39cb0af6482550_NeikiAnalytics.exe
Resource
win7-20240221-en
General
Target
41c354f1ced98b4a8b39cb0af6482550_NeikiAnalytics.exe
Size
355KB
MD5
41c354f1ced98b4a8b39cb0af6482550
SHA1
b1c731090a1467ad288c30c7af3182aea7fff832
SHA256
e6558cbd6922a293e91c0b292ef58494affd161a1e8c61d220fd8d2554505668
SHA512
231778cb6de65cbe23f83879d1b218699584d134ca8c7d40035fbf3bc3a764d0ad0d1d7ae17ca10fb5d3d9939f3047457fec50f78dd5fb1b3d7c76de4481415b
SSDEEP
6144:/qvk3Q5ibjnNuuXckaL7pbRBkce97aw/N4L7oi:/qvMQ5ibjnwka3pbRC19Gw/Nsoi
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload 1 IoCs
Processes:
resource: sample, yara_rule: family_blackmoon
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 41c354f1ced98b4a8b39cb0af6482550_NeikiAnalytics.exe
Files
41c354f1ced98b4a8b39cb0af6482550_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 314KB - Virtual size: 314KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE