systembc | 5ba8c341b8f7cf9f79e1b565363bde40_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

5ba8c341b8f7cf9f79e1b565363bde40_NeikiAnalytics.exe
Size

8KB
MD5

5ba8c341b8f7cf9f79e1b565363bde40
SHA1

d97ebb9abf3cee748beaa9df622eeb5655546f94
SHA256

72c8d5b8e8138ee84dc65e9afabfdedd3b7c548d51a0265d108b8862fdb58a7e
SHA512

be2fc6be531078d6a736409c6a707ebcffd061b9bd59b4f0443e09abe5cbd9710341780e179060cd1553b632f8eceeaddfd3372daf421f8f257172d0880284c0
SSDEEP

96:PNoCMDnHFBkGNutaR/3Mnh/MM4odWLqhZAoUyLh/b9U/gZco2i4g9XY7w:FoTH7kGsaBc/ZbdNdhki4aCw

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

144.76.223.74:443

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ba8c341b8f7cf9f79e1b565363bde40_NeikiAnalytics.exe

Files

5ba8c341b8f7cf9f79e1b565363bde40_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

c43eeea4eb37b541724563a3273bc88b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
TranslateMessage
ShowWindow
RegisterClassA
PostQuitMessage
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
CreateWindowExA

kernel32

GetCommandLineA
WaitForSingleObject
VirtualFree
VirtualAlloc
Sleep
CloseHandle
CreateEventA
CreateThread
ExitProcess
GetVolumeInformationA
GetModuleHandleA
SetEvent

advapi32

RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey

wsock32

WSAStartup
closesocket
connect
htons
ioctlsocket
recv
select
send
setsockopt
shutdown
socket

ws2_32

freeaddrinfo
WSAIoctl
getaddrinfo

secur32

GetUserNameExA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ