General
-
Target
631fea5b70f36d2e036a357f765d9cb0_NeikiAnalytics
-
Size
3.2MB
-
Sample
240512-dxs8fseb3s
-
MD5
631fea5b70f36d2e036a357f765d9cb0
-
SHA1
e923c65e5ce7a4a0935be6236221d01c08d09720
-
SHA256
a74bf698fe22e6c1ca0b50814923f698a8a1dbd70ff7c482b3b28d02f91e22e8
-
SHA512
fd3968be135f25307c0bac8be3ae5818fdd85fe2c6e9533b174140b493b0404c2204e387e3526f4886931840b70bcd5744f856f41cdcf32abcf35eb37402d1c9
-
SSDEEP
98304:WsmfE8eD0M782w1JSdvi199xP9/ecsFjPSz:WQNBY2S99xl
Behavioral task
behavioral1
Sample
631fea5b70f36d2e036a357f765d9cb0_NeikiAnalytics.exe
Resource
win7-20240220-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)