General
Target: 9a74db79f4f7ee74e9896b405e6b4230_NeikiAnalytics.exe
Size: 1.4MB
Sample: 240606-wqm2zaaf89
MD5: 9a74db79f4f7ee74e9896b405e6b4230
SHA1: cfa4cedbf76a6dc9d8d87e11a37d1cec12ab23e8
SHA256: 68efe35cdf71cfd665ab50ae207463f3bd0ee84eabdd67198cd9ad50da940a3e
SHA512: 243f311fe1a6c037d25aa523c166a7adb0fc40fd51193668363e52219ad85f69005fe8c03fded8c6793bb200114d0d21d35ea1baf04763b067369be4de76332f
SSDEEP: 12288:PYBk8/02EjJ9Q3cdUqkTRagEf6a44+YkqvfM1iPrMafRW69ARtjyQe3ZrHV28ao4:PSvEF24vdjO23t12B/8d
Static task: static1
Behavioral task: behavioral1
Sample: 9a74db79f4f7ee74e9896b405e6b4230_NeikiAnalytics.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 9a74db79f4f7ee74e9896b405e6b4230_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
quasar
1.3.0.0
Oracle
qassar23.ddns.net:1993
QSR_MUTEX_2ybtURLL4gJhCGhGLF
encryption_key: tQD9dSZguIoP7DskENc6
install_name: Oracle.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Oracle
subdirectory: SubDir
Targets
Target: 9a74db79f4f7ee74e9896b405e6b4230_NeikiAnalytics.exe
Score: 10/10
Quasar payload
Drops startup file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application