General
-
Target
6ec473c3f722f7e420afa264c7f36dd0_NeikiAnalytics.exe
-
Size
1.0MB
-
Sample
240517-a722kahg3y
-
MD5
6ec473c3f722f7e420afa264c7f36dd0
-
SHA1
4ceef640edae4a39327ffbb8e99095dbd92d7f41
-
SHA256
85401422cc1a1d60b56b070580c4a09e7bb5ea132f0cd4def90da2e3b1092441
-
SHA512
ac02d3e5077f7f092c8afae170a779fabe61278c2cc4293feabc623fdca01075c897fc064a2c74e29c241c1cf78b9dfc15a06a88c09013fc05226ec279207bc5
-
SSDEEP
12288:/ubxAa9sUFxZ8oq7URPvyKBozWeL+vSgmtjJcDVrCTZSXlVB0mGEB0aNN/cPUeWl:g9sUFxZq7URPt6RL6nBrEZUjGE/L8YZ
Behavioral task
behavioral1
Sample
6ec473c3f722f7e420afa264c7f36dd0_NeikiAnalytics.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
6ec473c3f722f7e420afa264c7f36dd0_NeikiAnalytics.exe
-
Size
1.0MB
-
MD5
6ec473c3f722f7e420afa264c7f36dd0
-
SHA1
4ceef640edae4a39327ffbb8e99095dbd92d7f41
-
SHA256
85401422cc1a1d60b56b070580c4a09e7bb5ea132f0cd4def90da2e3b1092441
-
SHA512
ac02d3e5077f7f092c8afae170a779fabe61278c2cc4293feabc623fdca01075c897fc064a2c74e29c241c1cf78b9dfc15a06a88c09013fc05226ec279207bc5
-
SSDEEP
12288:/ubxAa9sUFxZ8oq7URPvyKBozWeL+vSgmtjJcDVrCTZSXlVB0mGEB0aNN/cPUeWl:g9sUFxZq7URPt6RL6nBrEZUjGE/L8YZ
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1