General
Target: 77177c57df58a82f289add0cf57ea320_NeikiAnalytics
Size: 2.9MB
Sample: 240515-ekwngsgb8y
MD5: 77177c57df58a82f289add0cf57ea320
SHA1: 38c0414cb96be176cdf3b965b870bdf5de04f4a4
SHA256: 6f250581eae818938c64c4afa3446c7c36dfadda1d8b8ba20870ad0e05c7fe50
SHA512: 67161531bc39774e219b77de3166c3216ff962ca81af0982a44a502bd25d333aa742f8fca8e5720d91b4e69ddd6c829a0e014b94f7af89d1ceb601691dd2c9b6
SSDEEP: 49152:f4DKm+cjWnC8WLqxdGWJMcWI2TJT1Q0UN2Trsljq:QDKmzjWnC8Wikx1DUN2/Uq
Behavioral task: behavioral1
Sample: 77177c57df58a82f289add0cf57ea320_NeikiAnalytics.exe
Resource: win7-20240221-en
Malware Config
Targets
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1