Behavioral task
behavioral1
Sample
d3af3d5142b11c8fb767076688c5e790_NeikiAnalytics.exe
Resource
win7-20240221-en
General
-
Target
d3af3d5142b11c8fb767076688c5e790_NeikiAnalytics.exe
-
Size
431KB
-
MD5
d3af3d5142b11c8fb767076688c5e790
-
SHA1
e95579fbb827aa2ee9b031fe44dccc00171f351d
-
SHA256
199b2cb92890944469b6eb84f8893f419c48799df164604d0f4ed9b6dc41551d
-
SHA512
fb93037aaefe8e4ae95b9640d1f409737a0ae8380fcad2c8a6c998e8a09c0ca9e9ec16c3464c81899b86162a2518487322d0bb05d1cc25afe777d04b8b1bbf1f
-
SSDEEP
3072:TVmHpJqu0Vh6jw/fmZmRMpVuWwP5tOcQfgdVqYHKjoS1HwZCFjTPG1UFNE2XCKUM:TcHpJfHElepVuWwP5YcQfg8J+ojCKC+r
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
Processes:
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource d3af3d5142b11c8fb767076688c5e790_NeikiAnalytics.exe
Files
-
d3af3d5142b11c8fb767076688c5e790_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 387KB - Virtual size: 386KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE