General
-
Target
9538e582aa5407d8a4e30ac240e4e830NeikiAnalytics.exe
-
Size
828KB
-
Sample
240601-ktnl5afh6x
-
MD5
9538e582aa5407d8a4e30ac240e4e830
-
SHA1
f515fd4c6c6d93b2e8aa1714b9fd95bcd65405e5
-
SHA256
0b345e5ae8de37b8d22088f8360badaeb389711706b1362bc96c599ed8f00489
-
SHA512
21dcb7d928805ea64af9c553d74bb6ab0d3fb53e843ee004bce699dde3a09493d428d0c0fc1738ea5c61576f89c813722e016dc35ce0473646f0e924944373bb
-
SSDEEP
12288:x8dTYc04P9dYg/0fEBqDxZb0vLFv8N5Ps+OxKp8Mo:GdTYc04dYPWqDxZXN5PdOxm8Mo
Behavioral task
behavioral1
Sample
9538e582aa5407d8a4e30ac240e4e830NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
9538e582aa5407d8a4e30ac240e4e830NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
9538e582aa5407d8a4e30ac240e4e830NeikiAnalytics.exe
-
Size
828KB
-
MD5
9538e582aa5407d8a4e30ac240e4e830
-
SHA1
f515fd4c6c6d93b2e8aa1714b9fd95bcd65405e5
-
SHA256
0b345e5ae8de37b8d22088f8360badaeb389711706b1362bc96c599ed8f00489
-
SHA512
21dcb7d928805ea64af9c553d74bb6ab0d3fb53e843ee004bce699dde3a09493d428d0c0fc1738ea5c61576f89c813722e016dc35ce0473646f0e924944373bb
-
SSDEEP
12288:x8dTYc04P9dYg/0fEBqDxZb0vLFv8N5Ps+OxKp8Mo:GdTYc04dYPWqDxZXN5PdOxm8Mo
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-