neshta

Resubmissions

21-11-2023 21:25

231121-z9p78agf85 10

16-04-2023 14:14

230416-rj2vbsca6z 10

Sharing

Copy URL

Twitter E-mail

General

Target

QZK RAT Free.zip
Size

135.8MB
Sample

230416-rj2vbsca6z
MD5

137b00100757794f85bfd997700ee1e8
SHA1

0d558b31fbe2e90babd7cdd4058d53ec66fa60de
SHA256

5690987418e7898137bb9f8e706d3ff8f196b1dc612be983012524235f64f6af
SHA512

f7283e2e1cdbff26e4c2ecca2f990c72d0703412472cccf0212c81bbf9a0979ee2e3ac6c55f1324cbab98b27392776f49319e6bbc84d7784138d89f29353bb8e
SSDEEP

3145728:AgC3YNSUW9fG+SbOeuzqHc3C6JDnnTj/Xi8BiVsspOMZ0kr+tQzapQG8KAt086UD:AgCasqOeLc3C6JbP/XiTo3krnglgD

Score

10^/10

Malware Config

Targets

- Target
  
  QZK RAT Free/Bug Fixer.dll
- Size
  
  122.2MB
- MD5
  
  a54e1b46fb8f24ab0f8ee2528098b1b5
- SHA1
  
  f110a574dbff2b59721d6d526c5640733d6fd094
- SHA256
  
  4d1b3e552e4b4a455803c6143490aab97d572bf5376cb9c2cb140bf56c58bb95
- SHA512
  
  3e73690767d589ba3d97fcda8d7e1892ddc7b2ff2cc00f52241e50c958b2d3f83d8e5450d201980c64147b90f516255b4932912e241afd82a83bf70c494c1081
- SSDEEP
  
  3145728:VhgY/ofQVcj0/kYp09gG3croHnbfTKGu7SLtJB:VhgYQckYqb3GibfeWr
Score

1^/10
behavioral1
- Target
  
  QZK RAT Free/Bug Fixer.dll.config
- Size
  
  161B
- MD5
  
  c16b0746faa39818049fe38709a82c62
- SHA1
  
  3fa322fe6ed724b1bc4fd52795428a36b7b8c131
- SHA256
  
  d61bde901e7189cc97d45a1d4c4aa39d4c4de2b68419773ec774338506d659ad
- SHA512
  
  cbcba899a067f8dc32cfcbd1779a6982d25955de91e1e02cee8eaf684a01b0dee3642c2a954903720ff6086de5a082147209868c03665c89f814c6219be2df7c
Score

1^/10
behavioral2
- Target
  
  QZK RAT Free/ConversionWrapper.dll
- Size
  
  15KB
- MD5
  
  53c98fc84721d640c568721a06bfa9d0
- SHA1
  
  5d40974f80cda617c0fdc6f50a45117a5e3f1552
- SHA256
  
  38e9594b37f6382202ffd3f553c29fee47b725edc6f619c7dfe5fb0941e43a30
- SHA512
  
  0e673b4e0f311e84e82cc58e8d41db6dc496a25d0133293939f81de9fa23beecd5f9d4bb6b704c95976bee38e6c9a9c616acf79406ad5da62dcdb9f0cfd1febf
- SSDEEP
  
  384:TxzJ6m1jAQ3qrZB7liM+VqrFcwad+LRp6BPkI:N0/vlitocB/f
Score

1^/10
behavioral3
- Target
  
  QZK RAT Free/EPPlus.Interfaces.dll
- Size
  
  6KB
- MD5
  
  03b939b9cfdc81001dc493193d093124
- SHA1
  
  363377689b490414552253b918ff3c674210a4d2
- SHA256
  
  ff96bf2475e44f10647f8641bbac12aaf686ff6060080651923ba57bb80c57c0
- SHA512
  
  0fac5725adc72fcdc6293d8a56c0dd188512b61f6aa4b5fbb91c251e70c357af9b055b0aaeb4612389aa84714f3516defcc85fd608ccae9f9b5e148a8537aa1c
- SSDEEP
  
  96:9Br+hUJ5C63EhOoK3zriBRUQbceerdIgJPRolfOR:7FJ5CNhwGq8
Score

1^/10
behavioral4
- Target
  
  QZK RAT Free/EPPlus.System.Drawing.dll
- Size
  
  7KB
- MD5
  
  807d52b8f0d61ae00ffbbff66d31f957
- SHA1
  
  c33f6123c0c0cf2d07db1538f4e1f75e10519c37
- SHA256
  
  875137c5b89fb678a5bb78dfe90becc2366750beb44bb98a6990db48ef79cabc
- SHA512
  
  2cdfb30c3b5483035d9b092c7fa3fac41bf1fa9a843859b4ad3aa94eb517b448016a54eb02df019ac1f27838db84c8b497eeadfe2e14bf3a55451c8c29ef8093
- SSDEEP
  
  96:NzbnPZsqaaNFCT5j9LpHY0hl0QFRZSp63A5QBHJ+w6F+P2k1Id9TmNKMVQaazj:xv4LJZhl9tmQBN6k1I7mNKM2
Score

1^/10
behavioral5
- Target
  
  QZK RAT Free/EPPlus.dll
- Size
  
  3.1MB
- MD5
  
  ff4ecff3d9db54f69464be08632dba4d
- SHA1
  
  3097bb8ce6ecefa035a35ff3f54f94e917c6ddc6
- SHA256
  
  3fa2e9f82ee68f9e43bf756f4c75d5a3299fdb29c9229aa185db981366513762
- SHA512
  
  bc7d579f10286835cdf263329f74ab2ae2c525266487dc12745f5700400a14fb5d6152ddf8baf580f9174b27e92e6fc9922352bfb5d58bd01743697fe4606d98
- SSDEEP
  
  49152:klZKMN3mIT7i+805hcgyY6aZXNlqO/E8tOFH7tWpWCmvW:/OzNsSmv
Score

1^/10
behavioral6
- Target
  
  QZK RAT Free/FastColoredTextBox.dll
- Size
  
  325KB
- MD5
  
  adac0cee5cc4de7d4046ae1243e41bf0
- SHA1
  
  c8d6d92f0dbee64d0f4c0930f0d2699a8253e891
- SHA256
  
  68d0e444c0b27552d2cb86501dcb7db3fd64b82d966e9708db0408ec1ba38c79
- SHA512
  
  1d7af604540532a4121850760b1e401bb6356e59503c26f3d1fa358a105b7d88362c92f78aa4394095b165f06c484b8c2d2ed640380e85ef9b3eb087d3e7c869
- SSDEEP
  
  6144:CbgkJe4jG4m3oCCClXA34Wm5pVg/IWTKZCQOsqJLDd5eNqwDl1HD5:CbgEGv3oCCQAohVgSLmeNfD
Score

1^/10
behavioral7
- Target
  
  QZK RAT Free/Fixer.bat
- Size
  
  126B
- MD5
  
  d8aa2c83d328b4a8b7a1eca66d30834e
- SHA1
  
  d259afa241dd916d51da96c412eb4bdf13ee05b8
- SHA256
  
  8de3eb12c61b83853d25f88233f7d9498a3e5c3c0c0a6289f2e7d2acfcc9a442
- SHA512
  
  934adbdc9dc0ec5e56e214e504459275cbb544c1547550e8c9707271bece5a7c3c5062185be990478f2c204e304663871b7c1fc873a24c9c458fccf04fdb79b9
Score

1^/10
behavioral8
- Target
  
  QZK RAT Free/FontAwesome.Sharp.dll
- Size
  
  727KB
- MD5
  
  af7ea96479d85d6e858d27eadea10c49
- SHA1
  
  fc4dabf14bb0b61c3701815c8824347803af7877
- SHA256
  
  d7667c2d702e99eb009eaf917eaf177e855907ec5f10ee200eca7a57e6116722
- SHA512
  
  afcda3a046c5ace2d0c6c9ca97bf72267434a046b886baf36412cd4e7afaad992b02074aee4f4e72cfd3af4d59e267b9f6fe5e8c059a745990a9463cd9f74921
- SSDEEP
  
  12288:/mSRD6HQda9iky5eQXZ13KR8urDS9DukunSU8av+IL8:/lsQda9iky116R8urDS1I8av+I
Score

1^/10
behavioral9
- Target
  
  QZK RAT Free/GMap.NET.Core.dll
- Size
  
  2.9MB
- MD5
  
  819352ea9e832d24fc4cebb2757a462b
- SHA1
  
  aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11
- SHA256
  
  58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86
- SHA512
  
  6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a
- SSDEEP
  
  49152:ot12Gb/hz7ZsK9qY5uyUW57VC4IB1+fXhQ1hyCzMw/22fSg7gjxhUE/nbTC0xemh:oLbteKb57W1+PhQ1HM1gmJ/SZmh
Score

1^/10
behavioral10
- Target
  
  QZK RAT Free/GMap.NET.WindowsForms.dll
- Size
  
  147KB
- MD5
  
  32a8742009ffdfd68b46fe8fd4794386
- SHA1
  
  de18190d77ae094b03d357abfa4a465058cd54e3
- SHA256
  
  741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365
- SHA512
  
  22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b
- SSDEEP
  
  3072:k1GmgYqIY/0YSDBRGlDUqL63budipxj64m8HWYh3vHbFwMhLJSb+:lIO6rGloqL63qW62lJ
Score

1^/10
behavioral11
- Target
  
  QZK RAT Free/Guna.UI.dll
- Size
  
  1.1MB
- MD5
  
  8673eae95d67e5eb19f0eca3111408e8
- SHA1
  
  ad3e1ce93782537ffd3cd9e0bb9d30ae22d40ddb
- SHA256
  
  576d2de2c9ef5bc1ea9bdd73ae8f408004260037c3b72227eed27e995166276d
- SHA512
  
  65c4eadf448a643f45fa9a0d91497bb25af404c41a3a32686d9e99ba4f4e50783d73f5b13d5df505cc62c465be300746d84a2eaa8000531893cd0b19d6436239
- SSDEEP
  
  24576:hUsmpWNSUFmCqJPNsTuJDYYviEcHy1t6Y:hSUQWSF8q
Score

1^/10
behavioral12
- Target
  
  QZK RAT Free/Guna.UI2.dll
- Size
  
  2.3MB
- MD5
  
  b7cf1039d089511ff4594d0796dc966b
- SHA1
  
  e41d50c48f5381da01ed43967d1024fdaaeedd81
- SHA256
  
  9143707613cfa106fc4d7177e6e9f8a544738989b6167cd6578101f1bdb0927a
- SHA512
  
  6627a7a810c78a94ff1d52b14d071f8aabd71a2e6b521d2fcea7d865d94f5bcb1dd890f1b93b292035b20127507e32c11c215268e00510e5bf28c6132a4ce2a4
- SSDEEP
  
  49152:DpR548WTt9kUHdvAmZL0Th+1n9fr2flQChRigKw1:54JErh0gz1
Score

1^/10
behavioral13
- Target
  
  QZK RAT Free/ICSharpCode.NRefactory.dll
- Size
  
  648KB
- MD5
  
  19c667a32fdaa1ff5162c6e599d8209c
- SHA1
  
  4e5d2a045a44b2695c4d664de24070c16b51653d
- SHA256
  
  7ed9f334fbc846bd89773db45a58d5839bb62acc69d902b6918c5bfa4c25fae8
- SHA512
  
  ffa021cfd60213327933ef488c1ae637cc92ec8eccaf1258ae1cb909500f048a7fa8133194bb04f90d479bd70e345a6b9e475c7fa4e394ceba37566695656319
- SSDEEP
  
  12288:0TcdmW4lR962A5Cndb+N2uzgb5ShLgMfgGA:Uc+olIsfgGA
Score

1^/10
behavioral14
- Target
  
  QZK RAT Free/ICSharpCode.SharpRefactory.dll
- Size
  
  212KB
- MD5
  
  9af954f391ead3815c92a69ba37dc5cd
- SHA1
  
  def87efd6f8bef87e8317e0e4445b26ec157df6a
- SHA256
  
  38241922082e5b50ba3fba85667d1fbf8da4cabd1a59b0ace734eb99b7cd327a
- SHA512
  
  9d5f060756eeb61a135d1fec1e0bca1d3d3fadd9abce8c8eebdf0fd0f061bcfb162c26cad3fce4116fd4f642d27ead633757a8133cd9658047dff31fc36440a2
- SSDEEP
  
  3072:lvhs2+BF+y/TqNdErZVQXvtmlf9nAWH6gfphBPbsTbPZhlQCAaM3:xK1Tqb9mR9nRagfphR/Xn
Score

1^/10
behavioral15
- Target
  
  QZK RAT Free/ICSharpCode.SharpRefactoryVB.dll
- Size
  
  196KB
- MD5
  
  cd3ed4637cd1faefa0f066f3b4539a39
- SHA1
  
  e1a39b0ec05af109a1a92565515766c01f1a749e
- SHA256
  
  514fdff274358335b5347b32b8b0d44c4423bda6484eee13aa20e88c79be75d1
- SHA512
  
  2c7eaa59e3cfb3767786e93ac8f274e7421c9e58d6d79803ebdbf3092ef7be263c6edbe1543a633b3200ef9327e8de52f29ba4476f1fd41bb867bc4d442348bb
- SSDEEP
  
  3072:KhY78eVb9gPWlyxH+Qn4JEf6JZ6+M1p2/I0AvL8Zp:KED5y3R+REPSI0SL8
Score

1^/10
behavioral16
- Target
  
  QZK RAT Free/IconExtractor.dll
- Size
  
  10KB
- MD5
  
  640d8ffa779c6dd5252a262e440c66c0
- SHA1
  
  3252d8a70a18d5d4e0cc84791d587dd12a394c2a
- SHA256
  
  440912d85d2f98bb4f508ab82847067c18e1e15be0d8ecdcff0cc19327527fc2
- SHA512
  
  e12084f87bd46010aded22be30e902c5269a6f6bc88286d3bef17c71d070b17beada0fe9e691a2b2f76202b5f9265329f6444575f89aff8551c486eafe4d5f32
- SSDEEP
  
  192:7f77J4cGYyfQknxLvIgyLY5xJeU5pPpZlEAs:HS2yINgyLYLJR5wl
Score

1^/10
behavioral17
- Target
  
  QZK RAT Free/Microsoft.IO.RecyclableMemoryStream.dll
- Size
  
  57KB
- MD5
  
  aedcb85e47ea5ddc1182043ba311de33
- SHA1
  
  e7b124978b60a41bdb2b90a5862c2724af1c3569
- SHA256
  
  70d1c7355a48071f0cea3984bbe34ad24f11a1a16140bb901587f0e852397a97
- SHA512
  
  20f5cddff59a9c48354b9fbfc0e6ed716fd92ed6dc35cd45116db6f1ef759055b83a7f53b434fb9ba7b24dca49865a243d025be1e60fa3f807963cf9ecbc0ca6
- SSDEEP
  
  768:N4rRZa7odkCYSdPljNbdOJC3ywL6/2+psJlmjdPGANh6tVzHTNx9zKm:NIljxdMwL69yfmjpGANAbzzpzKm
Score

1^/10
behavioral18
- Target
  
  QZK RAT Free/NAudio.dll
- Size
  
  502KB
- MD5
  
  3b87d1363a45ce9368e9baec32c69466
- SHA1
  
  70a9f4df01d17060ec17df9528fca7026cc42935
- SHA256
  
  81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451
- SHA512
  
  1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7
- SSDEEP
  
  6144:96/i10SZtfzWctj98vZcE0wmLlaIZs5eku2sX2hrjAzvgmXa6W9FwsT9idwktQZG:9yrSKMJR9aGs55T1X9Fwspi2tGpmS
Score

1^/10
behavioral19
- Target
  
  QZK RAT Free/Plugins/7zip.dll
- Size
  
  1.8MB
- MD5
  
  bb4ca828dabc67199159e4d6f7ebfad1
- SHA1
  
  3167e23e66ad5b7268f60f445cce382b6300089f
- SHA256
  
  2f1d87120286bfc33593a2a62ac3452d4921537005a9d66934a07c0c19a60f71
- SHA512
  
  856d329c0ad3e8d7696c473af84e2f4eaa7bf45666d6a16fd7c0137948462e9bc6cb47efec7b0b9666acbfcf6a2e33919fe48419185dbc602cfd98bf10efe3b6
- SSDEEP
  
  49152:Mow7W+ocCZY+MjT5OlAYSiqjbxippODgApn1/qvs:YobZY+Mf5OlI/hsi7qv
Score

10^/10

neshta persistence spyware
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral20
- Target
  
  QZK RAT Free/Plugins/ACTWindows.dll
- Size
  
  1.1MB
- MD5
  
  91c072b5c4eaf18b81d4c522f967df5c
- SHA1
  
  4290045e1382057ab339f3e0c269770714b5487b
- SHA256
  
  61451c536c1a5a9b2b676fa191c4a960d7952aff4cf8b3437860adcdedec3774
- SHA512
  
  03dba43bcb6f0ee1b82ed874a5a7ff7b94b2096e230f906927666438372f77a379301acbaa31c71a507dbd3e59944dab1fb4f8466a9808a6077719d33a99e540
- SSDEEP
  
  24576:AQ3sWYfdA5r6B/QIdMFmEADsHcxw6J6fG3tLVJnsdWUVSEPP:AQ8WIe5r61MFFADk+2fG3xPs40
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral21
- Target
  
  QZK RAT Free/Plugins/All-In-One.dll
- Size
  
  4.8MB
- MD5
  
  d668737933aa7ff596f8e085e3baa904
- SHA1
  
  23fa9ad768e027655f4d2f9f6d4144c7d6d9f4d4
- SHA256
  
  56310832130d1b57d06004bbc54a17d531fdccd74afd8519c2d78076ee9a00eb
- SHA512
  
  ee48650f78b8b6eab48b2979448a1da472e2dba5197cf5e14e914f82292657ebf9f3d166405cc7ccd6ad82233608a1cb3ac88b80f921fdd83c3d499d9f572543
- SSDEEP
  
  98304:UP19F9QORkChiDC9OtH7c2iwGxIvPBOw0JefVfQ2a5cFd4KssODtd:+9FPRkC8C9OH7c2ilInz0kfVo26Wsd
Score

1^/10
behavioral22
- Target
  
  QZK RAT Free/Plugins/AskUAC.dll
- Size
  
  9KB
- MD5
  
  892cb580698edce6b2282ffb84390aa0
- SHA1
  
  2ff58c3b3ba931103bdbf18b8e7cfe7c45a1a354
- SHA256
  
  cdac77b808104421069ce848259992a12f1fd9b94260c71e8eb4a64784d27409
- SHA512
  
  5142f8de7a03d95a606ea48ed1e53b8ce9ece358714c5bf2f3467f5fc69e6d00375d8c39661650bf18968f0d5282d5cdedefa794f1d2b796a323505e6c0d3db4
- SSDEEP
  
  192:mHUtgZzv32GOp8bzJgyBTkIW1Pn/KicamxLO0A:mH6gZ3c8bWyBTun/K3att
Score

1^/10
behavioral23
- Target
  
  QZK RAT Free/Plugins/BlankScreen.dll
- Size
  
  9KB
- MD5
  
  a243723ea9b8bbe0b7c4f25c75896a4b
- SHA1
  
  63527ed5d9dc8d6dbf5cec17dc2c843ebab9f702
- SHA256
  
  1c6636f9ed05572706ee25765884f050c383170dbc4b9302c9f604b0d127b64a
- SHA512
  
  8e08dc4dd0f709a5237b42627a78ce87051cea61532021de5e518824e2916042c0e2a311fd146188f84495205ba955bc786853134f543c5c6be0476ee9fc2826
- SSDEEP
  
  192:xwUEwB2fTGOl61LATWEIW1PnaPwpMeAL22:aUEIQS9UTWOnaPwpMu2
Score

1^/10
behavioral24
- Target
  
  QZK RAT Free/Plugins/Bookmarks.dll
- Size
  
  28KB
- MD5
  
  0b6df4d519ea05eb162adbc487689755
- SHA1
  
  6c1e715b476e5edf7349ad47f837bfb0dae9c1dd
- SHA256
  
  4eace1ffbb2d9ad23d134691cbe1a6409602e659c1431cfa9e280115828c9e48
- SHA512
  
  a67c5209e777604815f23a21afe73b887dd2e03c94cdcd85b05dce2ea466c23c95feda51a01e08b792162f1503dac85f27f8291e287ffaa7ca4e92fa2a8633ee
- SSDEEP
  
  768:S5PKDtoU1bOU+texSftVGeAsmc2v8pUZVPykbbl1zFrezN03OMFzB9gB:j1bOUZeQb7VP5bxrezS3OMxB9gB
Score

1^/10
behavioral25
- Target
  
  QZK RAT Free/Plugins/Chat.dll
- Size
  
  18KB
- MD5
  
  682c29845efa6474461a5023a0fcb6a3
- SHA1
  
  74013b11721ff1bef8d6678c577e8f1d6b1ad4ad
- SHA256
  
  a0d79a5dedacf0bf24c24fb33b406259bc6525a8d91db607994c83d66eba46aa
- SHA512
  
  18a35e81fd1b89a41ebd80c7fb49d0cab87d3f110d829018ad8bb9f5d64a5adcd6af0db0a9f34bb0861211d4170cfff93d841bd3cba464d9c500142eb95eb49a
- SSDEEP
  
  384:IlYxUVSLim0EAT1sZKivG1dELq1TKQt0InoIH+lfUmWDf5:IZVSLz0bT1kKivGv0q1qIHEfUZt
Score

1^/10
behavioral26
- Target
  
  QZK RAT Free/Plugins/Chromium.dll
- Size
  
  25KB
- MD5
  
  0612625fe0d1d3b9c037bd7c1506e2f1
- SHA1
  
  9f3d1201cac3346327ddacef194b23b8e0f97336
- SHA256
  
  b82d1b59f11ab1c33c953b5b7ff2fbed5d065ef6bb07723d164c0db76afa65c5
- SHA512
  
  50f82c3befdb29311d3540a1288ba4a32f822d884a0de033a6752ed2a8f656e0b10797078820e8313fcbb316e914fd9970e789e085065f114a527da2050bc13a
- SSDEEP
  
  384:GtGWc3ht3Xa7LHDxtN5RV/PBPugcs9/cnjqlg91YDa3ZsrkSL7:6GWcR5XeLTFPN/6qCbYW3Zsg0
Score

1^/10
behavioral27
- Target
  
  QZK RAT Free/QZK RAT.exe
- Size
  
  11.6MB
- MD5
  
  ffbea3a298fb6de9a6ef389013c9e5f6
- SHA1
  
  036bd7355eeb62444a1a957c637f589e97a882a3
- SHA256
  
  c62b713747d6cff351f1088346caeb4799aa5718bbf073c37f58011e9abc99c7
- SHA512
  
  00e63fd8762e21327813372c10c2d7581fa6a60dbc3c85d078d6a19d63bc20bc7ea6a937823edc97da013f7de0ffb4144db258ac184b334de7eff57fc67d2b78
- SSDEEP
  
  196608:/ywGVHA2ZsdFSWnMYmvp7djurW1yNd3HUFxDSWSccMiIIiKIRM7ebK4ht3PYuz0R:awwHBZsSWep7JIX3HUFxOZMiIIiKIRMz
Score

7^/10

agilenet
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral28
- Target
  
  QZK RAT Free/System.Numerics.Vectors.dll
- Size
  
  113KB
- MD5
  
  aaa2cbf14e06e9d3586d8a4ed455db33
- SHA1
  
  3d216458740ad5cb05bc5f7c3491cde44a1e5df0
- SHA256
  
  1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183
- SHA512
  
  0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8
- SSDEEP
  
  1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS
Score

1^/10
behavioral29
- Target
  
  QZK RAT Free/System.Runtime.CompilerServices.Unsafe.dll
- Size
  
  16KB
- MD5
  
  da04a75ddc22118ed24e0b53e474805a
- SHA1
  
  2d68c648a6a6371b6046e6c3af09128230e0ad32
- SHA256
  
  66409f670315afe8610f17a4d3a1ee52d72b6a46c544cec97544e8385f90ad74
- SHA512
  
  26af01ca25e921465f477a0e1499edc9e0ac26c23908e5e9b97d3afd60f3308bfbf2c8ca89ea21878454cd88a1cddd2f2f0172a6e1e87ef33c56cd7a8d16e9c8
- SSDEEP
  
  192:LGLxTyHvc4ROgcxAdWXYWJeaPtWsI9A9GaHnhWgN7aJeWw0fnCsqnajt:LgGLROZAdWXYW8aPcyHRN7WEqn1lx
Score

1^/10
behavioral30
- Target
  
  QZK RAT Free/dnlib.dll
- Size
  
  1.1MB
- MD5
  
  9ed69fbbfdec5d95ea229da3969dd77b
- SHA1
  
  7972339f0a1b6a28a2f335c84cdfc5d9beee72b6
- SHA256
  
  e8bc7a627149386cb3cf714ae0101f69440f72cf2e7468a677b727b32aaed755
- SHA512
  
  61bfaa00736487ed736a27c1a9e45ce14b578452471866d195ce1a4736e72bd4bec98938b8cbb83ffbf09cbf188e9b8760452cc95ee30565414882aadd0171a6
- SSDEEP
  
  24576:+9itfCdSZYeP0jsLpPl44znxuhv7fBTu1Z:W5QF6
Score

1^/10
behavioral31

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Detect Neshta payload

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31