General

  • Target

    4bec34d79d2e920bf234f4836b54a5f0_NeikiAnalytics

  • Size

    1.4MB

  • Sample

    240514-bt84dseb95

  • MD5

    4bec34d79d2e920bf234f4836b54a5f0

  • SHA1

    cc0cbb5240d0647f4e1ce31297c9be3dda6ff63e

  • SHA256

    845318e1a65284778f53efd4f5d611e41dfe11138432d7e266e5568595d4f920

  • SHA512

    0889b8a31da1da823438da8e747ed87acd54d6806519a5723328f3968ca6cb205953598dc84a58ab602d16c2e657aed3f6fd95355e797dc2e23bbfd3940ac862

  • SSDEEP

    24576:sb0k+mAJhhjPadFWlFCj1braPSoSnj9w5pi2E4hsc9yhh8mtffogLrsyp:vk+Bh2LWlIlJO5U2B9u9fuy

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
