General
-
Target
86d014b6c68a6eb6e5920be0dd328930NeikiAnalytics.exe
-
Size
952KB
-
Sample
240601-a45naacd48
-
MD5
86d014b6c68a6eb6e5920be0dd328930
-
SHA1
33cc3802fc9f1f7ca800e1e69990c7e8b116bbf0
-
SHA256
2cc23ed7e6c654cda7131a13da2f6f9c07fa29f3bcfb416769c204d29e5f17ee
-
SHA512
6f7fa5960914aef3f85d203ea9312e81459bdedb21efa6eaf980ac44400dd6957629b4f5a7693bd06de5642507b176ac42717c7125ecdcdd00509ca5e9e8c3c0
-
SSDEEP
24576:e+O7F9smBDJwWmIezBLwsHuWbxR4AK5ZJXX:Z8/KfRTK
Behavioral task
behavioral1
Sample
86d014b6c68a6eb6e5920be0dd328930NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
86d014b6c68a6eb6e5920be0dd328930NeikiAnalytics.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
86d014b6c68a6eb6e5920be0dd328930NeikiAnalytics.exe
-
Score
10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Scheduled Task/Job (1)