General
-
Target
a043d8deaf4cb618bcd1973d06c8c670_NeikiAnalytics.exe
-
Size
1.7MB
-
Sample
240523-fq2x5aef7w
-
MD5
a043d8deaf4cb618bcd1973d06c8c670
-
SHA1
9f0644411da819485df9bc1f0e23eb6b65ea15af
-
SHA256
e659c778f5a724d4a05b742397966e8d9db42366225f826361e0279c1f30af9d
-
SHA512
2808f2914cc69f7d0ab994c17719c1df821bf8dc6883da4a8b728ee8e21796c5d26f4968dca08da44d344381fd725c5cfb363c77966a03e490b3e693eca37843
-
SSDEEP
49152:397qdNJl6WBNgk7OM+l8eW7ILtQmgMvp:39QCkiM+KILGXa
Behavioral task
behavioral1
Sample
a043d8deaf4cb618bcd1973d06c8c670_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a043d8deaf4cb618bcd1973d06c8c670_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
a043d8deaf4cb618bcd1973d06c8c670_NeikiAnalytics.exe
-
Size
1.7MB
-
MD5
a043d8deaf4cb618bcd1973d06c8c670
-
SHA1
9f0644411da819485df9bc1f0e23eb6b65ea15af
-
SHA256
e659c778f5a724d4a05b742397966e8d9db42366225f826361e0279c1f30af9d
-
SHA512
2808f2914cc69f7d0ab994c17719c1df821bf8dc6883da4a8b728ee8e21796c5d26f4968dca08da44d344381fd725c5cfb363c77966a03e490b3e693eca37843
-
SSDEEP
49152:397qdNJl6WBNgk7OM+l8eW7ILtQmgMvp:39QCkiM+KILGXa
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Scheduled Task/Job
1