General
-
Target
dfe2a7d1e80181a3fcf84a7c0b0c44c0_NeikiAnalytics
-
Size
3.2MB
-
Sample
240516-qctdyaee48
-
MD5
dfe2a7d1e80181a3fcf84a7c0b0c44c0
-
SHA1
6bde52ed399d07d43a24c4a03d0abb25dea6df96
-
SHA256
a0bbb5f5a121166366ca545b1b37d4a6b9d54562212cdef13bb052e7c342577c
-
SHA512
fa9e812e795218f05cf158c0d13a50b485439afa9ba5ec3780e3b820c3d793cdbbe24bdadc9048eff33fa70948d0129c070c2e29fc8cc79adf5cbdca89509c66
-
SSDEEP
49152:vC0Fl8v/911bwaEYpdYUVsk3DZGAy55kBsfJGAW6KyWUcPmWQpE:vC0Fl8v/qXYrv5tG9uKJGAWl5N
Behavioral task
behavioral1
Sample
dfe2a7d1e80181a3fcf84a7c0b0c44c0_NeikiAnalytics.exe
Resource
win7-20240221-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1