General
-
Target
41b66abbfe882fa7c51329c405ce76a66af8f1ff80fa7d70662f5ba2abadd87a_NeikiAnalytics.exe
-
Size
2.9MB
-
Sample
240623-gdr3tsvgjr
-
MD5
679fac8c8622da04e0df4979a6f946f0
-
SHA1
f2c438cde01b9ae74a0981aa9d67a454fe07068b
-
SHA256
41b66abbfe882fa7c51329c405ce76a66af8f1ff80fa7d70662f5ba2abadd87a
-
SHA512
c424d1417439c4c7b5314936d5941e3020fcd3fc28c70721d99a34a7879ac82b0f4736dcf82db8990339d91300d61046f48e6757c4be84020b045ce79b6676fa
-
SSDEEP
49152:6W9igyOiGBRSMK5rF8+83C/j6rY6wkcXYowBy87RI7UlnjDJP:6WwA/RnarF8+8S/j6rY6wk6qyGwU1j1P
Behavioral task
behavioral1
Sample
41b66abbfe882fa7c51329c405ce76a66af8f1ff80fa7d70662f5ba2abadd87a_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
41b66abbfe882fa7c51329c405ce76a66af8f1ff80fa7d70662f5ba2abadd87a_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
Score: 10/10
-
DcRat
DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Scheduled Task/Job: 1
Scheduled Task: 1