General
-
Target
a043d8deaf4cb618bcd1973d06c8c670_NeikiAnalytics.exe
-
Size
1.7MB
-
Sample
240523-fq2x5aef7w
-
MD5
a043d8deaf4cb618bcd1973d06c8c670
-
SHA1
9f0644411da819485df9bc1f0e23eb6b65ea15af
-
SHA256
e659c778f5a724d4a05b742397966e8d9db42366225f826361e0279c1f30af9d
-
SHA512
2808f2914cc69f7d0ab994c17719c1df821bf8dc6883da4a8b728ee8e21796c5d26f4968dca08da44d344381fd725c5cfb363c77966a03e490b3e693eca37843
-
SSDEEP
49152:397qdNJl6WBNgk7OM+l8eW7ILtQmgMvp:39QCkiM+KILGXa
Malware Config
Targets
-
-
Target
a043d8deaf4cb618bcd1973d06c8c670_NeikiAnalytics.exe
-
Size
1.7MB
-
MD5
a043d8deaf4cb618bcd1973d06c8c670
-
SHA1
9f0644411da819485df9bc1f0e23eb6b65ea15af
-
SHA256
e659c778f5a724d4a05b742397966e8d9db42366225f826361e0279c1f30af9d
-
SHA512
2808f2914cc69f7d0ab994c17719c1df821bf8dc6883da4a8b728ee8e21796c5d26f4968dca08da44d344381fd725c5cfb363c77966a03e490b3e693eca37843
-
SSDEEP
49152:397qdNJl6WBNgk7OM+l8eW7ILtQmgMvp:39QCkiM+KILGXa
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
UAC bypass
-
DCRat payload
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1