General
Target: 2a52e8ed891e08b831ff2b4703c5ccefd48d512c0534de9399684a289a6b95ec_NeikiAnalytics.exe
Size: 718KB
Sample: 240621-b1jgbaygqm
MD5: 20c404f8e7606ae61f77b329d337fbc0
SHA1: e23cd528e4da2cf73bc4b4a4fb6bf9c738f59435
SHA256: 2a52e8ed891e08b831ff2b4703c5ccefd48d512c0534de9399684a289a6b95ec
SHA512: d183123eb9518a9dfcca72e1a6e4a1368da17ef06e3f1c5f2de6131ed2e6582c895ee10d0dc9e912aeaed89af7f03a9b14dc75414cb19ee40511412803cd7043
SSDEEP: 12288:FKrSjGt2H9toA/HZZvMtG6YGP0YO5qvsEhQFJlTzy:FKrS6stP5hGzFO5qUEhQFJk
Static task: static1
Behavioral task: behavioral1
Sample: 2a52e8ed891e08b831ff2b4703c5ccefd48d512c0534de9399684a289a6b95ec_NeikiAnalytics.exe
Resource: win7-20240221-en
Malware Config
Extracted
Family: quasar
Version: 2.1.0.0
Botnet: Office04
C2: hvhkcutuoujbobu672-22209.portmap.host:22209
Mutex: VNM_MUTEX_B9yalilhpjXcfLAYLB
encryption_key: 1QFI1TWvW55TfLRzQhy0
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Venom Client Startup
subdirectory: SubDir
Targets
Target: 2a52e8ed891e08b831ff2b4703c5ccefd48d512c0534de9399684a289a6b95ec_NeikiAnalytics.exe
Size: 718KB
MD5: 20c404f8e7606ae61f77b329d337fbc0
SHA1: e23cd528e4da2cf73bc4b4a4fb6bf9c738f59435
SHA256: 2a52e8ed891e08b831ff2b4703c5ccefd48d512c0534de9399684a289a6b95ec
SHA512: d183123eb9518a9dfcca72e1a6e4a1368da17ef06e3f1c5f2de6131ed2e6582c895ee10d0dc9e912aeaed89af7f03a9b14dc75414cb19ee40511412803cd7043
SSDEEP: 12288:FKrSjGt2H9toA/HZZvMtG6YGP0YO5qvsEhQFJlTzy:FKrS6stP5hGzFO5qUEhQFJk

Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Quasar payload

Executes dropped EXE

Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.