General
Target: da302f8b90f36acd84743c7639d4e0d0_NeikiAnalytics
Size: 3.2MB
Sample: 240516-mal1asff9z
MD5: da302f8b90f36acd84743c7639d4e0d0
SHA1: f8fdb617872a6f31fc21b7d7826efba0651077a4
SHA256: a22fcf8eea502fd77a86507ef856f97512aeed2006a0d79f122850f5d14dcf9b
SHA512: cb2392bfd6277ba436ccf0421baccbae4f2b6ef2ecbcd2c72c95de2e3a820a212cd9c7d3662795290341d9c285e75a8a2111fda8bb1ec296a9772689a9af9646
SSDEEP: 98304:msmfE8eD0M782w1JSdvi199xP9/ecsFjPSz:mQNBY2S99xl
Behavioral task: behavioral1
Sample: da302f8b90f36acd84743c7639d4e0d0_NeikiAnalytics.exe
Resource: win7-20240508-en
Malware Config
Targets
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1