Overview

overview

10

Static

static

10

10fb9b7185...cs.exe

windows7-x64

10

10fb9b7185...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    10fb9b71859bfc7ae5aff462a88ade70_NeikiAnalytics.exe

  • Size

    348KB

  • Sample

    240522-y2hyhaeh8z

  • MD5

    10fb9b71859bfc7ae5aff462a88ade70

  • SHA1

    3e6c00c0d6d443741216b79e7f500d927b4cb60a

  • SHA256

    451f300d14014ed0d89f00dde44295272d1672507a449a6106dc450493baa52e

  • SHA512

    7666023e2c63c8eff11fb02588636fc932c0f616323bfa2c4faf4a65ba0355ea18f70a0b12246ffeacd1d0b137dd2aa6085058c5503fff0187f377758add3491

  • SSDEEP

    6144:uvNHXf500M8wU2Kd6ab76s9BeSCck4kZ25t0CNO:0d50XKYK6cCcL5txO

Score
10/10
quasarproxyspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

PROXY

C2

proxybreve.duckdns.org:4001

Mutex

QSR_MUTEX_l1M93VuqIyiH8hEQ4I

Attributes
  • encryption_key

    Z3lsDT6GRXRES92YFSq8

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    1

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      10fb9b71859bfc7ae5aff462a88ade70_NeikiAnalytics.exe

    • Size

      348KB

    • MD5

      10fb9b71859bfc7ae5aff462a88ade70

    • SHA1

      3e6c00c0d6d443741216b79e7f500d927b4cb60a

    • SHA256

      451f300d14014ed0d89f00dde44295272d1672507a449a6106dc450493baa52e

    • SHA512

      7666023e2c63c8eff11fb02588636fc932c0f616323bfa2c4faf4a65ba0355ea18f70a0b12246ffeacd1d0b137dd2aa6085058c5503fff0187f377758add3491

    • SSDEEP

      6144:uvNHXf500M8wU2Kd6ab76s9BeSCck4kZ25t0CNO:0d50XKYK6cCcL5txO

    Score
    10/10
    quasarproxyspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks