General

  • Target

    d46e2f5007e8af971c34a17bafe544d0_NeikiAnalytics

  • Size

    829KB

  • Sample

    240516-lfjaxsee59

  • MD5

    d46e2f5007e8af971c34a17bafe544d0

  • SHA1

    3fa71c422597d24af29bf942bc3e7dfba404f6dd

  • SHA256

    eaa9a6674a2c49762574bd10294cfe737e37c7793f4c88d0ba3700db73e15b55

  • SHA512

    03d1e1ec5cff82c2fe61732d08f98d5bb8c263c081008be1ecc1bd8d359787460762773034906a52e933daf25e0ac07f9a82a1f9721e2e824e354e90100e35ef

  • SSDEEP

    12288:lCFCcYc/Cg2QGAtikngWn3IgPZA9H7id2naI+:l9cYc/IOikngWnYnH7id2ng

Score
10/10

Malware Config

Targets

    • Target

      d46e2f5007e8af971c34a17bafe544d0_NeikiAnalytics

    • Size

      829KB

    • MD5

      d46e2f5007e8af971c34a17bafe544d0

    • SHA1

      3fa71c422597d24af29bf942bc3e7dfba404f6dd

    • SHA256

      eaa9a6674a2c49762574bd10294cfe737e37c7793f4c88d0ba3700db73e15b55

    • SHA512

      03d1e1ec5cff82c2fe61732d08f98d5bb8c263c081008be1ecc1bd8d359787460762773034906a52e933daf25e0ac07f9a82a1f9721e2e824e354e90100e35ef

    • SSDEEP

      12288:lCFCcYc/Cg2QGAtikngWn3IgPZA9H7id2naI+:l9cYc/IOikngWnYnH7id2ng

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks