General
-
Target
ad6ef12cf7a949c7c81031cf356e7ba0_NeikiAnalytics.exe
-
Size
1.7MB
-
Sample
240524-1m2s6scd97
-
MD5
ad6ef12cf7a949c7c81031cf356e7ba0
-
SHA1
749214f44093844f23cae9745564181fe8f76e48
-
SHA256
76a54ee4f1e1db1cf0f31c2a49c986c0ec18bce4e5c6260c3ace4553be58539f
-
SHA512
cf596585f323525947bc171cb086fc8f3c5378f757d3898fff85a513f8a7befa5c2516827cc7835263b3898b3cfc3789a0dfb5e8b1a5c6cfb3fb1f5ec9a1d437
-
SSDEEP
24576:X2G/nvxW3WL3pNa6DARahVL3Ly+kl7FOONSUzzX+DkChIxy6e97mUPlxtKeG:XbA3ipNa8ARAxHe4k7g6e97mml2
Behavioral task
behavioral1
Sample
ad6ef12cf7a949c7c81031cf356e7ba0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
ad6ef12cf7a949c7c81031cf356e7ba0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
ad6ef12cf7a949c7c81031cf356e7ba0_NeikiAnalytics.exe
-
Size
1.7MB
-
MD5
ad6ef12cf7a949c7c81031cf356e7ba0
-
SHA1
749214f44093844f23cae9745564181fe8f76e48
-
SHA256
76a54ee4f1e1db1cf0f31c2a49c986c0ec18bce4e5c6260c3ace4553be58539f
-
SHA512
cf596585f323525947bc171cb086fc8f3c5378f757d3898fff85a513f8a7befa5c2516827cc7835263b3898b3cfc3789a0dfb5e8b1a5c6cfb3fb1f5ec9a1d437
-
SSDEEP
24576:X2G/nvxW3WL3pNa6DARahVL3Ly+kl7FOONSUzzX+DkChIxy6e97mUPlxtKeG:XbA3ipNa8ARAxHe4k7g6e97mml2
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-