General
-
Target
5a0176742f0d5209450c8c8f931913d0_NeikiAnalytics.exe
-
Size
829KB
-
Sample
240602-j7ncvage75
-
MD5
5a0176742f0d5209450c8c8f931913d0
-
SHA1
28dc2acae144024060ad9ca11b7e553cfdf0ce99
-
SHA256
dc39dc8bdd216fb301fefb0c0a26e0bcfb548c2b5d56b8e77530cc23a67d1baa
-
SHA512
1894c6b77762073d6b56eee33a515fc082c8d25bb669f5cf5e97143d324fbd18b0cc2b73ccd3d11623e91a70df29f5765802c4eed5ec6b7cb2b133c582c5a548
-
SSDEEP
12288:1o4cGqwWGr9kUtT+G8Yrlcw+q73PL6MDYUVj+YaS:rcGqwr9k0+vYxcLMDHjaS
Behavioral task
behavioral1
Sample
5a0176742f0d5209450c8c8f931913d0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
5a0176742f0d5209450c8c8f931913d0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
5a0176742f0d5209450c8c8f931913d0_NeikiAnalytics.exe
-
Size
829KB
-
MD5
5a0176742f0d5209450c8c8f931913d0
-
SHA1
28dc2acae144024060ad9ca11b7e553cfdf0ce99
-
SHA256
dc39dc8bdd216fb301fefb0c0a26e0bcfb548c2b5d56b8e77530cc23a67d1baa
-
SHA512
1894c6b77762073d6b56eee33a515fc082c8d25bb669f5cf5e97143d324fbd18b0cc2b73ccd3d11623e91a70df29f5765802c4eed5ec6b7cb2b133c582c5a548
-
SSDEEP
12288:1o4cGqwWGr9kUtT+G8Yrlcw+q73PL6MDYUVj+YaS:rcGqwr9k0+vYxcLMDHjaS
Score10/10-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-