General
Target: 00195dc23ea8cc5cb728c411f684ff40_NeikiAnalytics
Size: 3.2MB
Sample: 240513-xga7gsac85
MD5: 00195dc23ea8cc5cb728c411f684ff40
SHA1: 604a8ca144781805d4ea73de01caee8ba98c176d
SHA256: 5d911e8e304885f5489587b85e5a43101d5a1078cbcb27727bdd16b78dd45df1
SHA512: 218d3eb66ed906759a695160e8984e95e75aa2c7c4e5558d5941c16658f3e1df718213e307a9f8d3823fd4eaa8713e8cfda95f5de70b9d29cd29ad2ca73c3ddd
SSDEEP: 98304:2smfE8eD0M782w1JSdvi199xP9/ecsFjPSz:2QNBY2S99xl
Behavioral task
behavioral1
Sample: 00195dc23ea8cc5cb728c411f684ff40_NeikiAnalytics.exe
Resource: win7-20240508-en
Malware Config
Targets
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Scheduled Task/Job (1)