General
-
Target
84d3d9634976a8fee93497d8c406adb0_NeikiAnalytics.exe
-
Size
3.1MB
-
Sample
240524-26y23aee4s
-
MD5
84d3d9634976a8fee93497d8c406adb0
-
SHA1
8e31205fc2aee87a3862fc6c33d11d318a003e79
-
SHA256
5568ae4c3fe1e93046d1820f46c54c6ac4f6c73198f53409df663206f6e5aa1e
-
SHA512
921b3fe58ce464627d86cd15b19ebbb63b6b158dec30afec905d1b4e4c3be6fd4a4f0b1eaf25fa8686008fa084805e6b05e0bfad3949ab8851c87928466a5979
-
SSDEEP
49152:LU03k0EHHtQMngQcR2+g1NTi7p7FJRHquOuCCUs51ST1i1jqXItCkcCMdWmcJ9:H3YXRcXc9iF/xZOuC/s5YxigtdWVJ9
Static task
static1
Behavioral task
behavioral1
Sample
84d3d9634976a8fee93497d8c406adb0_NeikiAnalytics.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
Office04
10.0.2.15:4782
8cc926a7-8fb2-4810-84b7-930934112047
-
encryption_key
53E7CCC098EF671006BA6BEEF157EC7AF807CFD6
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
84d3d9634976a8fee93497d8c406adb0_NeikiAnalytics.exe
-
Quasar payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-