General
-
Target
b9df02adac0846621482835cb8367aa0_NeikiAnalytics
-
Size
3.2MB
-
Sample
240513-qlhc2aha47
-
MD5
b9df02adac0846621482835cb8367aa0
-
SHA1
3fdce171a8de3b8018c5779b27bd95cc837faffd
-
SHA256
60f7d9f75d3f8cb8716ed9f1f9b77456c11d91e4f9f25c0f4eceaaf703dd12ac
-
SHA512
eb7d8c5529e97210a2b47858c391ae1052335a67599da48b46391f89cd6a73248ecab8fbe92b83f97950af10cf4165ad4d66b66bfd5b746f266c1e0fb2cc5457
-
SSDEEP
49152:HC0Fl8v/911bwaEYpdYUVsk3DZGAy55kBsfJGAW6KyWUcPmWQpE:HC0Fl8v/qXYrv5tG9uKJGAWl5N
Behavioral task
behavioral1
Sample
b9df02adac0846621482835cb8367aa0_NeikiAnalytics.exe
Resource
win7-20240215-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1
Bypass User Account Control
1
Scheduled Task/Job
1