General

  • Target

    e006d21af325e490696eac189d6fe9f0_NeikiAnalytics

  • Size

    828KB

  • Sample

    240516-qe63taec4s

  • MD5

    e006d21af325e490696eac189d6fe9f0

  • SHA1

    cce2f3a4a2cc3b6ab5161201639dcdd853b8f5ca

  • SHA256

    0cc2a158f676462d631f265f149ef0f1fe1f698e0487877d3e7c17a07c52dcd0

  • SHA512

    933df81a32489d40da8840abc0aaa606598d35b289dbca69ba465499745feaa1a7d05c50d4dccd63d498b84d8378e34575f611c1fd18a801ca36c07619d79811

  • SSDEEP

    12288:ooQUC/VdATqagGCW4TXQ3fPND877TIYCHUO+/biBHuZ/TMib+hV:E//PATqoCW4jYlK7k/StY++hV

Score
10/10

Targets

    • Target

      e006d21af325e490696eac189d6fe9f0_NeikiAnalytics

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
