General
-
Target
990d69ce8a7a58fa44a5071429041ff0_NeikiAnalytics
-
Size
2.9MB
-
Sample
240514-hlwxeseb7z
-
MD5
990d69ce8a7a58fa44a5071429041ff0
-
SHA1
0f2603214e0b81c26a094b7e5fe76b7fa40be4b1
-
SHA256
15da106135fb0203f99b4cea15f31623008d8d81faf4648b494b2b53a2ee85ce
-
SHA512
6197dbd8e964fcc41df771b3defc6e0e2186c93d275bbd9fcc9745298cf3d3631fbfcd21058c2257a8d80f7fe258bcd33d5dbbe23d6b66702297aeeb2edb00dc
-
SSDEEP
49152:P4DKm+cjWnC8WLqxdGWJMcWI2TJT1Q0UN2Trsljq:gDKmzjWnC8Wikx1DUN2/Uq
Behavioral task
behavioral1
Sample
990d69ce8a7a58fa44a5071429041ff0_NeikiAnalytics.exe
Resource
win7-20240215-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1