General
-
Target
71c5aa29fc4e8f9f853d757e40984e5e6b6376f5d241c21571671efb08653c3c_NeikiAnalytics.exe
-
Size
685KB
-
Sample
240629-grrdfsvgrq
-
MD5
89a8e2368f403528e58ea89fca2c4b30
-
SHA1
21f196ea418a5796125500483754cf09a8111bf6
-
SHA256
71c5aa29fc4e8f9f853d757e40984e5e6b6376f5d241c21571671efb08653c3c
-
SHA512
34cf94001566f2537f6433d7c4cbb89c780cc59c00a3fa4bcd3e9164553c4d0d651dbeb95ae439978890f74e00bded473eb46fb5e05cc2220abdc02a74b5f2a0
-
SSDEEP
12288:Lnci3+GaMl9th6MLlRJTpx6a33Y9vZ5dQZcXFSRUR/dy9DoXAkkAntgoMdTewyb:FJtRJpx+xje+F9eDoXOfdTeN
Static task
static1
Behavioral task
behavioral1
Sample
71c5aa29fc4e8f9f853d757e40984e5e6b6376f5d241c21571671efb08653c3c_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
71c5aa29fc4e8f9f853d757e40984e5e6b6376f5d241c21571671efb08653c3c_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
quasar
1.3.0.0
USR
pv8stresser.xyz:45201
yzyrfG0e0ojtGuJLLm
-
encryption_key
MxiVBHqo0ITsYTvOCUNN6SV9XbYPIBwE
-
install_name
Client.exe
-
log_directory
Mozilla
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
71c5aa29fc4e8f9f853d757e40984e5e6b6376f5d241c21571671efb08653c3c_NeikiAnalytics.exe
-
Size
685KB
-
MD5
89a8e2368f403528e58ea89fca2c4b30
-
SHA1
21f196ea418a5796125500483754cf09a8111bf6
-
SHA256
71c5aa29fc4e8f9f853d757e40984e5e6b6376f5d241c21571671efb08653c3c
-
SHA512
34cf94001566f2537f6433d7c4cbb89c780cc59c00a3fa4bcd3e9164553c4d0d651dbeb95ae439978890f74e00bded473eb46fb5e05cc2220abdc02a74b5f2a0
-
SSDEEP
12288:Lnci3+GaMl9th6MLlRJTpx6a33Y9vZ5dQZcXFSRUR/dy9DoXAkkAntgoMdTewyb:FJtRJpx+xje+F9eDoXOfdTeN
Score10/10-
Quasar payload
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-