General
-
Target
89bbf8129dfc8b3d9b760c2d3fcd6e70_NeikiAnalytics
-
Size
1.0MB
-
Sample
240511-f9617agb6t
-
MD5
89bbf8129dfc8b3d9b760c2d3fcd6e70
-
SHA1
73192e8dc4a0d6cdfc9563483da4d1cc0bed67de
-
SHA256
2a8b040291985b8aa4fad28355af430ef0cf5bbbd2e6195fb7504160b62b881e
-
SHA512
c6ebb83aef2807aa46a546ae58ce74c53716678f44473d9183a6b364b73a0312c500abf8f4247ba34bc3e1fcb31185197828ff3a8cd1ffa1fddbe05f40605b52
-
SSDEEP
12288:yhqxHfPKSyKt09bVUHJNpX1sB67l+YPciyT9SOH5/V6NS8N0gMg++TOFL7ClN2jQ:yhG+I9s6x+Yxgr5/VmMgo97Fku8
Static task
static1
Behavioral task
behavioral1
Sample
89bbf8129dfc8b3d9b760c2d3fcd6e70_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
89bbf8129dfc8b3d9b760c2d3fcd6e70_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
quasar
1.3.0.0
amine
qassar23.ddns.net:1993
QSR_MUTEX_CUl50675jTJczGSJ5s
-
encryption_key
PcTLdHtjDsjcNU67043D
-
install_name
Update service.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
amine
-
subdirectory
microsofte
Targets
-
-
Target
89bbf8129dfc8b3d9b760c2d3fcd6e70_NeikiAnalytics
-
Score
10/10
-
Modifies WinLogon for persistence
-
Quasar payload
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-