Behavioral task
behavioral1
Sample
28b1d5a2a630ee3aadc78576c4c06010_NeikiAnalytics.exe
Resource
win7-20240419-en
General
Target: 28b1d5a2a630ee3aadc78576c4c06010_NeikiAnalytics.exe
Size: 357KB
MD5: 28b1d5a2a630ee3aadc78576c4c06010
SHA1: 76bf2bc0e5ecbd81d9bdda78df2420701bcf039c
SHA256: 84f9ab5a8e810fd027e7fe0d2e4004444b316a51d6f15951c5d17f0970068748
SHA512: b7a0f0fd547948e8228e99a6910c9f8b75f9b5e3913de19741ddcb5892e3fa0a6f141965c251deb8d0a6de50d1fba27154a023deafe8c361d0e795a7b10bd825
SSDEEP: 6144:mvk3Q5ibjnNuuXckaL7pbRBkce97aw/N4L7om:mvMQ5ibjnwka3pbRC19Gw/Nsom
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload 1 IoCs
Processes:
resource: sample, yara_rule: family_blackmoon
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 28b1d5a2a630ee3aadc78576c4c06010_NeikiAnalytics.exe
Files
28b1d5a2a630ee3aadc78576c4c06010_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 314KB - Virtual size: 314KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE