General
-
Target
93b5c595ff8c92b8f2d840b37df0b780NeikiAnalytics.exe
-
Size
2.9MB
-
Sample
240601-jylgwsff55
-
MD5
93b5c595ff8c92b8f2d840b37df0b780
-
SHA1
1c6672a4693875e71d0917826cdad93eaed8b33b
-
SHA256
ea17230cdefb26e83505143a9b7c1975c802e099353ee28bf094aa9df4b43870
-
SHA512
34bac0b7a770e021afbc0629dce12f56540e2f993f9d03392ce997d1cb1d7b42a5249fb38561c96ee8e98f62317572c4d36d1062da7836d00ecd3f0a29986221
-
SSDEEP
49152:H4DKm+cjWnC8WLqxdGWJMcWI2TJT1Q0UN2Trsljq:YDKmzjWnC8Wikx1DUN2/Uq
Behavioral task
behavioral1
Sample
93b5c595ff8c92b8f2d840b37df0b780NeikiAnalytics.exe
Resource
win7-20240508-en
Malware Config
Targets
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1