Behavioral task
behavioral1
Sample
3c68ee71a6ed72c64b866c5dbea8d235c34cf2d03695ed88097916fb844d18c7_NeikiAnalytics.exe
Resource
win7-20240220-en
General
-
Target
3c68ee71a6ed72c64b866c5dbea8d235c34cf2d03695ed88097916fb844d18c7_NeikiAnalytics.exe
-
Size
431KB
-
MD5
958d1b88d6e33021458a2f1b47d383b0
-
SHA1
bd9ff9b24f1955c73bb2dd3d3bbdf47a5eb13b1d
-
SHA256
3c68ee71a6ed72c64b866c5dbea8d235c34cf2d03695ed88097916fb844d18c7
-
SHA512
2beb4ee9f743c566e02c3074c5a8b8cd04da8b3a0c980893f84415dcb105e25db09080419d53a57e45dbca867310b19b5e8e554afe42ecc6ae96a1a8aae6ea78
-
SSDEEP
6144:cT5J63Fm3b7yOE7Hvpu5CaGi4mUf95TtC4uP2scqAO:c4Fm3b7yOAHNar4mUf9lJ82scqAO
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
Processes:
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 3c68ee71a6ed72c64b866c5dbea8d235c34cf2d03695ed88097916fb844d18c7_NeikiAnalytics.exe
Files
-
3c68ee71a6ed72c64b866c5dbea8d235c34cf2d03695ed88097916fb844d18c7_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 387KB - Virtual size: 386KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE