General

  • Target

    5a0176742f0d5209450c8c8f931913d0_NeikiAnalytics.exe

  • Size

    829KB

  • Sample

    240602-j7ncvage75

  • MD5

    5a0176742f0d5209450c8c8f931913d0

  • SHA1

    28dc2acae144024060ad9ca11b7e553cfdf0ce99

  • SHA256

    dc39dc8bdd216fb301fefb0c0a26e0bcfb548c2b5d56b8e77530cc23a67d1baa

  • SHA512

    1894c6b77762073d6b56eee33a515fc082c8d25bb669f5cf5e97143d324fbd18b0cc2b73ccd3d11623e91a70df29f5765802c4eed5ec6b7cb2b133c582c5a548

  • SSDEEP

    12288:1o4cGqwWGr9kUtT+G8Yrlcw+q73PL6MDYUVj+YaS:rcGqwr9k0+vYxcLMDHjaS

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
