Behavioral task: behavioral1
Sample: 81be55c863016924a3134289fae40970_NeikiAnalytics.exe
Resource: win7-20231129-en

General
- Target: 81be55c863016924a3134289fae40970_NeikiAnalytics.exe
- Size: 3.6MB
- MD5: 81be55c863016924a3134289fae40970
- SHA1: 980ff520a5dd3cee97c63544a9d8fa9fe327f101
- SHA256: 607b0ff863381ee25ef50bafe0d1903da3bd546860e62cebd7458e2daf8e1c65
- SHA512: 93fbc49ff1cfcd6dac58cbd60f225b292259ef70773351f2f447a7a39d3d672a569279125825f0eb83905ab7751b54df2d3e918e6bb35d1639e7ae9059eb4250
- SSDEEP: 49152:DtOcE5/k017aNCFTTIP5uqz2lSNd6ZoR9ttqQ/3FPnh:Dcj/kFs5IAqzSP85/3FPh
Malware Config

Extracted
- Family: nanocore
- Version: 1.2.2.0
- C2: okurwa123.ddns.net:30814
- Mutex: 2235e1d8-7910-4a73-af04-b7bf49fcd3e7

Attributes
- activate_away_mode: true
- backup_connection_host: okurwa123.ddns.net
- backup_dns_server: 8.8.4.4
- buffer_size: 65535
- build_time: 2022-10-29T22:05:41.783378436Z
- bypass_user_account_control: true
- bypass_user_account_control_data
- clear_access_control: true
- clear_zone_identifier: false
- connect_delay: 4000
- connection_port: 30814
- default_group: chmo ebat nahui
- enable_debug_mode: true
- gc_threshold: 1.048576e+07
- keep_alive_timeout: 30000
- keyboard_logging: false
- lan_timeout: 2500
- max_packet_size: 1.048576e+07
- mutex: 2235e1d8-7910-4a73-af04-b7bf49fcd3e7
- mutex_timeout: 5000
- prevent_system_sleep: false
- primary_connection_host: okurwa123.ddns.net
- primary_dns_server: 8.8.8.8
- request_elevation: true
- restart_delay: 5000
- run_delay: 0
- run_on_startup: true
- set_critical_process: true
- timeout_interval: 5000
- use_custom_dns_server: false
- version: 1.2.2.0
- wan_timeout: 8000
Signatures
- Nanocore family
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  Processes: resource 81be55c863016924a3134289fae40970_NeikiAnalytics.exe
Files
- 81be55c863016924a3134289fae40970_NeikiAnalytics.exe.exe (windows:4 windows x86 arch:x86)
  Import hash: f34d5f2d4577ed6d9ceec516c1f5a744

Headers
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE

Imports
- mscoree: _CorExeMain

Sections
- Size: 88KB - Virtual size: 88KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- Size: 88KB - Virtual size: 88KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- Size: 8KB - Virtual size: 8KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
- .rsrc: Size: 8KB - Virtual size: 8KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- Size: 2.5MB - Virtual size: 2.5MB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- shijh89g: Size: 920KB - Virtual size: 920KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ