General

  • Target

    Nova+cheet.exe

  • Size

    3.1MB

  • Sample

    240820-e1qr6sxbkr

  • MD5

    0ae6edb095534fde7de49e56a9922130

  • SHA1

    2b91b6119c0cfa5388c3472d12103f68e04d16ba

  • SHA256

    b92565384c66a5863bb786681503fc2d3cb61ceef0766f763345c8789c2f9806

  • SHA512

    e3d1d0ca398793a16eb2c3296231a0ee01484e4ae2316dd3e52ba89ccc59a3a87b50aeb7f7bfff00d6d8f74af2937bea8b7d7aa77658f43b1b8bab547444fbb5

  • SSDEEP

    49152:avQt62XlaSFNWPjljiFa2RoUYIgxRJ6ybR3LoGdgTHHB72eh2NT:avc62XlaSFNWPjljiFXRoUYIgxRJ6s

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Nozims cheat

  • C2

    192.168.1.169:4782

  • Mutex

    dc6a28df-c0c1-4e0c-adc8-2512fecff7dc

Attributes
  • encryption_key

    03695FA5D11447330420485DB9FD166A251AB067

  • install_name

    Nozim.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Java Updater

  • subdirectory

    Nozim
