General
-
Target
734f4ee215cafb87214221d572d5c660_NeikiAnalytics
-
Size
1.0MB
-
Sample
240514-eq2fxsac3s
-
MD5
734f4ee215cafb87214221d572d5c660
-
SHA1
36b2b6ceae28a15c765dc28c19a6cebfe39866d5
-
SHA256
6637617b15474b43846983ba5fec458473677fd52408d6f09eaf557a8daa9d5a
-
SHA512
2070b0a7163280a48590955a8063869bbf521048163fe5e993283a06d92b25e7ca6b33782db1cd89f7631c21b646956cf42622e5945c6ba67f1f6ff962604a21
-
SSDEEP
12288:zXDkXlsYZVs6NanExuLCEHFT5J90YJqNn4qiXY+ii94vX1lnXMquJTloyf5II2xO:zzysYZV+Ec1OZ4XY+iLNXuJxXb
Behavioral task
behavioral1
Sample
734f4ee215cafb87214221d572d5c660_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
734f4ee215cafb87214221d572d5c660_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
734f4ee215cafb87214221d572d5c660_NeikiAnalytics
-
Size
1.0MB
-
MD5
734f4ee215cafb87214221d572d5c660
-
SHA1
36b2b6ceae28a15c765dc28c19a6cebfe39866d5
-
SHA256
6637617b15474b43846983ba5fec458473677fd52408d6f09eaf557a8daa9d5a
-
SHA512
2070b0a7163280a48590955a8063869bbf521048163fe5e993283a06d92b25e7ca6b33782db1cd89f7631c21b646956cf42622e5945c6ba67f1f6ff962604a21
-
SSDEEP
12288:zXDkXlsYZVs6NanExuLCEHFT5J90YJqNn4qiXY+ii94vX1lnXMquJTloyf5II2xO:zzysYZV+Ec1OZ4XY+iLNXuJxXb
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-