General
-
Target
e006d21af325e490696eac189d6fe9f0_NeikiAnalytics
-
Size
828KB
-
Sample
240516-qe63taec4s
-
MD5
e006d21af325e490696eac189d6fe9f0
-
SHA1
cce2f3a4a2cc3b6ab5161201639dcdd853b8f5ca
-
SHA256
0cc2a158f676462d631f265f149ef0f1fe1f698e0487877d3e7c17a07c52dcd0
-
SHA512
933df81a32489d40da8840abc0aaa606598d35b289dbca69ba465499745feaa1a7d05c50d4dccd63d498b84d8378e34575f611c1fd18a801ca36c07619d79811
-
SSDEEP
12288:ooQUC/VdATqagGCW4TXQ3fPND877TIYCHUO+/biBHuZ/TMib+hV:E//PATqoCW4jYlK7k/StY++hV
Behavioral task
behavioral1
Sample
e006d21af325e490696eac189d6fe9f0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
e006d21af325e490696eac189d6fe9f0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
e006d21af325e490696eac189d6fe9f0_NeikiAnalytics
-
Size
828KB
-
MD5
e006d21af325e490696eac189d6fe9f0
-
SHA1
cce2f3a4a2cc3b6ab5161201639dcdd853b8f5ca
-
SHA256
0cc2a158f676462d631f265f149ef0f1fe1f698e0487877d3e7c17a07c52dcd0
-
SHA512
933df81a32489d40da8840abc0aaa606598d35b289dbca69ba465499745feaa1a7d05c50d4dccd63d498b84d8378e34575f611c1fd18a801ca36c07619d79811
-
SSDEEP
12288:ooQUC/VdATqagGCW4TXQ3fPND877TIYCHUO+/biBHuZ/TMib+hV:E//PATqoCW4jYlK7k/StY++hV
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-