General
-
Target
187f3a1d27a0f173765cbaaf08ae8770_NeikiAnalytics
-
Size
3.2MB
-
Sample
240512-q6xcpahc8s
-
MD5
187f3a1d27a0f173765cbaaf08ae8770
-
SHA1
192ec8c82c1a51a6ae48ec30d1e6c0876d450b2e
-
SHA256
380df9424ebd676bf4774865133d691da1e50a00a38347c04767e4d3d9f451b4
-
SHA512
5c579f1cc8d239b60464139c08066d41183734fdbbb2b1552c88e879e94fed47ac01ac3c200587439dc2bdc68b520632cb3fbefef9bd5e6f80d5e0be229749c0
-
SSDEEP
49152:nC0Fl8v/911bwaEYpdYUVsk3DZGAy55kBsfJGAW6KyWUcPmWQpE:nC0Fl8v/qXYrv5tG9uKJGAWl5N
Behavioral task
behavioral1
Sample
187f3a1d27a0f173765cbaaf08ae8770_NeikiAnalytics.exe
Resource
win7-20240508-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1