General
Target: 6930ca5a87b4fddf7235ec768c7748b0_NeikiAnalytics.exe
Size: 3.1MB
Sample: 240613-h8vb4sygqb
MD5: 6930ca5a87b4fddf7235ec768c7748b0
SHA1: 7666c8b2098e66041958472cccda14ed4a7e3784
SHA256: 17c5c83758428f79ad510953a856b7740533481c8e5bc6b2015f38771c9e70c9
SHA512: 4509fde462da5f5cecc13f177dd70fc43d7a086798bc4f2a083bc228b0015fb187b01aa1e1ef20488ebd1707b042979d7574a2694d84c15b60d5183e16fdb151
SSDEEP: 49152:GvIt62XlaSFNWPjljiFa2RoUYIScHKmzI8oGdITHHB72eh2NT:GvE62XlaSFNWPjljiFXRoUYIScHz
Behavioral task
behavioral1
Sample: 6930ca5a87b4fddf7235ec768c7748b0_NeikiAnalytics.exe
Resource: win7-20240508-en
Malware Config
Extracted
quasar
1.4.1
Office04
87.181.239.107:4782
0be600bd-7c2c-44f2-905b-8be35813fed3
encryption_key: 85D9F76670BED174C20AD02D21A9BF332FEF493D
install_name: Office.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Office365
subdirectory: Office
Targets
Target: 6930ca5a87b4fddf7235ec768c7748b0_NeikiAnalytics.exe
Quasar payload
Executes dropped EXE