General
-
Target
a76c3992f0ce41945386691b991de4f0_NeikiAnalytics
-
Size
2.9MB
-
Sample
240515-jnl1nsfg9x
-
MD5
a76c3992f0ce41945386691b991de4f0
-
SHA1
694416f5f2cc6579af87f08175b52f9039930972
-
SHA256
92e319b1b62dd242ccb3feaaa29200780cc33c46a5b35a4f5723fbcd73976023
-
SHA512
6f8e49018ca2bd9ef4f002d968903cd6e414d61afbc68e8c70f74e1c473d612ed07f25af2c129fbd59105b71c9704cbc4c4b2e1b889ef3ebb8896a64b6ba7870
-
SSDEEP
49152:H4DKm+cjWnC8WLqxdGWJMcWI2TJT1Q0UN2Trsljq:YDKmzjWnC8Wikx1DUN2/Uq
Behavioral task
behavioral1
Sample
a76c3992f0ce41945386691b991de4f0_NeikiAnalytics.exe
Resource
win7-20240221-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1