Behavioral task
behavioral1
Sample
7bc6b8054abd6114c35c454c071c7290_NeikiAnalytics.exe
Resource
win7-20231129-en
General
-
Target
7bc6b8054abd6114c35c454c071c7290_NeikiAnalytics.exe
-
Size
231KB
-
MD5
7bc6b8054abd6114c35c454c071c7290
-
SHA1
c88749c113c114d0fe437f4f701b9402a6d11e92
-
SHA256
4641bea6ae464a8c278a7e0529f754c08f60edc46ecf63b5b4c8775df8c54649
-
SHA512
4a0cdc2e0b86cacb92f684faec19764882653e75d7d66c37e9da0dec08b6beaadea432c161f1eda9e596ff14bea88c42af51c6837c954b3d3252beebd85991fe
-
SSDEEP
6144:RloZM+rIkd8g+EtXHkv/iD4vTIgiAfbofxUyzzq2Ab8e1mT8Ti:joZtL+EP8vTIgiAfbofxUyzzqzK9
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1246232317215903755/k1xdEK7NXg9Ud5aRps3d0dup6SCVr7oTrOvl5rUZFNMqDY9YqVHX9ED6ruz0decwjSyA
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule sample family_umbral -
Umbral family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7bc6b8054abd6114c35c454c071c7290_NeikiAnalytics.exe
Files
-
7bc6b8054abd6114c35c454c071c7290_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 228KB - Virtual size: 228KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ