General
-
Target
89a07c9afff73c280ae14caed30f2eb2768263c0020b943d352e5424bd993d93_NeikiAnalytics.exe
-
Size
341KB
-
Sample
240629-j7bn2sxapn
-
MD5
12727d1a8a1cde56fa3715f6ba9ecdb0
-
SHA1
112ff64a9dfccadd7ae4618dbaf6e537b68a058f
-
SHA256
89a07c9afff73c280ae14caed30f2eb2768263c0020b943d352e5424bd993d93
-
SHA512
8502fafdad4ea9f430c6ce9f51f2686e56a13a9e23cd8cda0d420587ce11631efa076e38aa617e6ee0481331edc5e3954cc96f16b6dc1be33ad75e71cd36a7ef
-
SSDEEP
6144:ubZJrgLF70h2Jn/9A2LnugnTzTzTFNDMbMIIAZk1AlC4HCf0VVp8:G47gY/OanucQIAq94i8Vr8
Behavioral task
behavioral1
Sample
89a07c9afff73c280ae14caed30f2eb2768263c0020b943d352e5424bd993d93_NeikiAnalytics.exe
Resource
win7-20240508-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
keke78410-60142.portmap.host:60142
QSR_MUTEX_cOv6uh77YaEpqR2GFj
-
encryption_key
8vuP81UPGlFDNPdrxBd5
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
89a07c9afff73c280ae14caed30f2eb2768263c0020b943d352e5424bd993d93_NeikiAnalytics.exe
-
Size
341KB
-
MD5
12727d1a8a1cde56fa3715f6ba9ecdb0
-
SHA1
112ff64a9dfccadd7ae4618dbaf6e537b68a058f
-
SHA256
89a07c9afff73c280ae14caed30f2eb2768263c0020b943d352e5424bd993d93
-
SHA512
8502fafdad4ea9f430c6ce9f51f2686e56a13a9e23cd8cda0d420587ce11631efa076e38aa617e6ee0481331edc5e3954cc96f16b6dc1be33ad75e71cd36a7ef
-
SSDEEP
6144:ubZJrgLF70h2Jn/9A2LnugnTzTzTFNDMbMIIAZk1AlC4HCf0VVp8:G47gY/OanucQIAq94i8Vr8
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-