gandcrab | 4e714fbc756671c12cf010496a3e96aa3041f1c36fc6aed7299054d5a173a655_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4e714fbc756671c12cf010496a3e96aa3041f1c36fc6aed7299054d5a173a655_NeikiAnalytics.exe
Size

30KB
MD5

92bc31f02a105fe6ace2b0f8c4ac12b0
SHA1

34eee0725a7cb330233ea8eedaae12ba84c48151
SHA256

4e714fbc756671c12cf010496a3e96aa3041f1c36fc6aed7299054d5a173a655
SHA512

84715ba84a5e5c2c7879e87b6a7860950e3a7a05aa888e2c4b0fee8c0a30f59f0350f22a47a056ed3e5d54e082a60c77fcd659126b236e3fc0884467e0d507ee
SSDEEP

384:zlTa+Sj+CR+wDy/uNjNCvdyRbJ15wXDOjggxmewNgAiAW6tk4nrcQGrv1c6:JnSj+CR+myGNjNCvA1McqDdWSnY9r9b

Score

10^/10

upx gandcrab

Malware Config

Extracted

Family

gandcrab

http://gdcbghvjyqy7jclk.onion.top/

Signatures

GandCrab payload 1 IoCs

Processes:

resource yara_rule

static1/unpack001/out.upx family_gandcrab
Gandcrab family
gandcrab
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.

Processes:

resource

4e714fbc756671c12cf010496a3e96aa3041f1c36fc6aed7299054d5a173a655_NeikiAnalytics.exe
unpack001/out.upx

resource	yara_rule
static1/unpack001/out.upx	family_gandcrab

resource	yara_rule
sample	upx

resource
4e714fbc756671c12cf010496a3e96aa3041f1c36fc6aed7299054d5a173a655_NeikiAnalytics.exe
unpack001/out.upx

Files

4e714fbc756671c12cf010496a3e96aa3041f1c36fc6aed7299054d5a173a655_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 64KB

UPX1 Size: 28KB - Virtual size: 32KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 33KB - Virtual size: 36KB

.data Size: 3KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 64KB

UPX1
Size: 28KB - Virtual size: 32KB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 33KB - Virtual size: 36KB

.data
Size: 3KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 4KB