General

  • Target

    1cc21298b9e394b4951fc011a582c410_NeikiAnalytics.exe

  • Size

    3.1MB

  • Sample

    240525-zees1aaa97

  • MD5

    1cc21298b9e394b4951fc011a582c410

  • SHA1

    5532754638d680687e038c3b6126ad1ac7b9a953

  • SHA256

    bdd58cae7b811d677926b1d9044d42b484263e1a108465d8a42a0aae9d8ae06d

  • SHA512

    52c4d6f3cdf81243ae227fdeaa03e19c4e9e8d61814fc36dada8034c1fd03487939f815ebace769e4591322e74eb248399b699205e2dfed4e8af22eb5b58b88c

  • SSDEEP

    49152:+vBt62XlaSFNWPjljiFa2RoUYITCh1JmLoGdZ6LTHHB72eh2NT:+vr62XlaSFNWPjljiFXRoUYITCSJ

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.10.128:4782

Mutex

92a0dbed-92db-4316-8689-94f896bde9d4

Attributes
  • encryption_key

    C930B2A58084255426DA306F1B9DD84DFBBC2448

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    file manager

  • subdirectory

    SubDir

Targets

    • Target

      1cc21298b9e394b4951fc011a582c410_NeikiAnalytics.exe

    • Size

      3.1MB

    • MD5

      1cc21298b9e394b4951fc011a582c410

    • SHA1

      5532754638d680687e038c3b6126ad1ac7b9a953

    • SHA256

      bdd58cae7b811d677926b1d9044d42b484263e1a108465d8a42a0aae9d8ae06d

    • SHA512

      52c4d6f3cdf81243ae227fdeaa03e19c4e9e8d61814fc36dada8034c1fd03487939f815ebace769e4591322e74eb248399b699205e2dfed4e8af22eb5b58b88c

    • SSDEEP

      49152:+vBt62XlaSFNWPjljiFa2RoUYITCh1JmLoGdZ6LTHHB72eh2NT:+vr62XlaSFNWPjljiFXRoUYITCSJ

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Discovery

Query Registry

1
T1012

Tasks