General
-
Target
4bec34d79d2e920bf234f4836b54a5f0_NeikiAnalytics
-
Size
1.4MB
-
Sample
240514-bt84dseb95
-
MD5
4bec34d79d2e920bf234f4836b54a5f0
-
SHA1
cc0cbb5240d0647f4e1ce31297c9be3dda6ff63e
-
SHA256
845318e1a65284778f53efd4f5d611e41dfe11138432d7e266e5568595d4f920
-
SHA512
0889b8a31da1da823438da8e747ed87acd54d6806519a5723328f3968ca6cb205953598dc84a58ab602d16c2e657aed3f6fd95355e797dc2e23bbfd3940ac862
-
SSDEEP
24576:sb0k+mAJhhjPadFWlFCj1braPSoSnj9w5pi2E4hsc9yhh8mtffogLrsyp:vk+Bh2LWlIlJO5U2B9u9fuy
Behavioral task
behavioral1
Sample
4bec34d79d2e920bf234f4836b54a5f0_NeikiAnalytics.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
4bec34d79d2e920bf234f4836b54a5f0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
4bec34d79d2e920bf234f4836b54a5f0_NeikiAnalytics
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-