General
-
Target
5758f08ee8daacd956d144b547105710_NeikiAnalytics
-
Size
3.1MB
-
Sample
240515-bmrkrshh3s
-
MD5
5758f08ee8daacd956d144b547105710
-
SHA1
eb9a247be053dc3ffc9986add72c3c95b9a1dcd1
-
SHA256
fc7b46480fd584b41761e56b5a4ac9c99ba65f3f09f5b96fc7379aaf279c7c1c
-
SHA512
2cd545ddc2e51cd5cedcf8040cacf66a0d60bfba4b92635ee7b2343e65808c939cfe961d61a50ebddbbdbc302ccec3db8b0b0a2ab5d4afcfbc2a61344f7d0c24
-
SSDEEP
49152:LbX4Wu2bK/B8fKsJOfivj+8TeCUN0LhZxs2AbBT7VWernS5D+oCPgpifYulI2a:/4W9K/KTag9BUNWS7JnS5qoBifHva
Behavioral task
behavioral1
Sample
5758f08ee8daacd956d144b547105710_NeikiAnalytics.exe
Resource
win7-20240508-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a .NET RAT, active since June 2019, that is capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates that the parent process was compromised via an exploit or a macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: Bypass User Account Control (1)
Scheduled Task/Job (1)