General

  • Target

    5ff5051e549747f6bedd8bee29406760_NeikiAnalytics

  • Size

    4.2MB

  • Sample

    240510-yn2hpahg28

  • MD5

    5ff5051e549747f6bedd8bee29406760

  • SHA1

    a374166aaccbda485409926218cd2a98dfb35fc1

  • SHA256

    8252ddb53b8b6564cb236c1693f8a9695ab9e48a90b3904a2bf7a34881e4c1f0

  • SHA512

    fe28e001e44e67fc0b21edee572a9bcfa32f4eb91e29fb1d426281dc42f2c230d7c8a80693542502d9817df629547ca428257f08b45dfd70615715012a55026f

  • SSDEEP

    98304:jd9IRzKP2vgMnK+lVsoVippEcnMR545balCTDAYPXbCz6pM:8RzYVMzVsppS89aH6LoKM

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • ElysiumStealer

      ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    • ElysiumStealer Support DLL

    • AgentTesla payload

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks