General

  • Target

    6c1f5d8c88959accc79396696fca4f40_NeikiAnalytics.exe

  • Size

    3.0MB

  • Sample

    240517-a29jfshe21

  • MD5

    6c1f5d8c88959accc79396696fca4f40

  • SHA1

    0d3d0aa5a6d57f6d6b4878fd8bb8a74abcfbf7f6

  • SHA256

    6010d342cb5d71301a5f43312c4d11e844f85cb3e8b84152a85fbdfbe0594d12

  • SHA512

    24f1f222587a9d30d268970f9d8838228ebb7d983443b8c2f1d1ac75181310ab8fa70358f1963391b2c3e368bc9eb74abca8b53d36e1bc3ad43a7efda1b38c82

  • SSDEEP

    49152:AZ2fRPDpkR3/hESpjo4uLDI3KoSPq3cXtFvOUcx3twYvr0G56/FBwzpTZoKh:07ZJ89LDSKrq3iGnnw+1YXw9OK

Malware Config

Targets

    • DcRat

      DarkCrystal (DC) is a .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates that the parent process was compromised via an exploit or a macro.

    • DCRat payload

      Detects the DCRat payload, which is commonly dropped by NSIS installers.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks