General

  • Target

    5758f08ee8daacd956d144b547105710_NeikiAnalytics

  • Size

    3.1MB

  • Sample

    240515-bmrkrshh3s

  • MD5

    5758f08ee8daacd956d144b547105710

  • SHA1

    eb9a247be053dc3ffc9986add72c3c95b9a1dcd1

  • SHA256

    fc7b46480fd584b41761e56b5a4ac9c99ba65f3f09f5b96fc7379aaf279c7c1c

  • SHA512

    2cd545ddc2e51cd5cedcf8040cacf66a0d60bfba4b92635ee7b2343e65808c939cfe961d61a50ebddbbdbc302ccec3db8b0b0a2ab5d4afcfbc2a61344f7d0c24

  • SSDEEP

    49152:LbX4Wu2bK/B8fKsJOfivj+8TeCUN0LhZxs2AbBT7VWernS5D+oCPgpifYulI2a:/4W9K/KTag9BUNWS7JnS5qoBifHva

Malware Config

Targets

    • Target

      5758f08ee8daacd956d144b547105710_NeikiAnalytics

    • Size

      3.1MB

    • MD5

      5758f08ee8daacd956d144b547105710

    • SHA1

      eb9a247be053dc3ffc9986add72c3c95b9a1dcd1

    • SHA256

      fc7b46480fd584b41761e56b5a4ac9c99ba65f3f09f5b96fc7379aaf279c7c1c

    • SHA512

      2cd545ddc2e51cd5cedcf8040cacf66a0d60bfba4b92635ee7b2343e65808c939cfe961d61a50ebddbbdbc302ccec3db8b0b0a2ab5d4afcfbc2a61344f7d0c24

    • SSDEEP

      49152:LbX4Wu2bK/B8fKsJOfivj+8TeCUN0LhZxs2AbBT7VWernS5D+oCPgpifYulI2a:/4W9K/KTag9BUNWS7JnS5qoBifHva

    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • UAC bypass

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks