General

  • Target

    9538e582aa5407d8a4e30ac240e4e830NeikiAnalytics.exe

  • Size

    828KB

  • Sample

    240601-ktnl5afh6x

  • MD5

    9538e582aa5407d8a4e30ac240e4e830

  • SHA1

    f515fd4c6c6d93b2e8aa1714b9fd95bcd65405e5

  • SHA256

    0b345e5ae8de37b8d22088f8360badaeb389711706b1362bc96c599ed8f00489

  • SHA512

    21dcb7d928805ea64af9c553d74bb6ab0d3fb53e843ee004bce699dde3a09493d428d0c0fc1738ea5c61576f89c813722e016dc35ce0473646f0e924944373bb

  • SSDEEP

    12288:x8dTYc04P9dYg/0fEBqDxZb0vLFv8N5Ps+OxKp8Mo:GdTYc04dYPWqDxZXN5PdOxm8Mo

Score
10/10

Targets

    • Target

      9538e582aa5407d8a4e30ac240e4e830NeikiAnalytics.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
