General
-
Target
d67c083b7f55c40deae2ac79549d0a70_NeikiAnalytics
-
Size
3.2MB
-
Sample
240515-rwbtnsdh22
-
MD5
d67c083b7f55c40deae2ac79549d0a70
-
SHA1
c47be45497fe044d732a847a21b7b2be0172c8c5
-
SHA256
ba381b7847ed129aa068cee625f78d7a8ec511a55d55feb86e22159ab43b6357
-
SHA512
2fb0a24efd4e6349cc1f0f4193ac1b512dcb679478b65f51fb967b6c736192eb0e161e7020756e4a9ce03f89aae7789bac5ce57c0968ee60b095a25654511d6d
-
SSDEEP
49152:HC0Fl8v/911bwaEYpdYUVsk3DZGAy55kBsfJGAW6KyWUcPmWQpE:HC0Fl8v/qXYrv5tG9uKJGAWl5N
Behavioral task
behavioral1
Sample
d67c083b7f55c40deae2ac79549d0a70_NeikiAnalytics.exe
Resource
win7-20240215-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1