General

  • Target

    923c4221866465ce0e2cd934d37dd710_NeikiAnalytics

  • Size

    3.1MB

  • MD5

    923c4221866465ce0e2cd934d37dd710

  • SHA1

    0cf1f9b74796241ae67678cd3de1e498eb893c36

  • SHA256

    f0ebb38775564ab57f7e8fdb8c8c37e2eca832f5d369ec01c848599daf627cf5

  • SHA512

    fcf7cb6158bc6f42b3e00a077487d6c3cdccfafda46f6b289c643a08c05a30824e3d8ab0f30570712acd101ba022014fe016afb407c5321637e5b3cbc0e74064

  • SSDEEP

    49152:Pvkt62XlaSFNWPjljiFa2RoUYIPdqioGd66Q2gTHHB72eh2NT:Pv462XlaSFNWPjljiFXRoUYIPdHK/

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Bloxstrap

C2

l2sbb-63720.portmap.io:63720

Mutex

147cd381-4f9a-46fa-938c-116ed4ed9f05

Attributes
  • encryption_key

    EE5E4782203529F5A1A90C6405361C31EDF61FA1

  • install_name

    Bloxstrap.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    System

  • subdirectory

    BloxstrapMenu

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 923c4221866465ce0e2cd934d37dd710_NeikiAnalytics
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

