Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
6973a7fe5c9810f2751dbc1393cc0940_NeikiAnalytics.exe
-
Size
6.2MB
-
Sample
240517-axwrsshd54
-
MD5
6973a7fe5c9810f2751dbc1393cc0940
-
SHA1
1a0c1d33c7a9dbede3c161052e4b8240c54a58bc
-
SHA256
6bbcf899efc405a2323736097ed27200a0bbe717c4ce4718d50ca086e2012f50
-
SHA512
43030581de024d667a78f9c24d5d80b93bc41e09233d0a82e17bb89bdcc5ea19a69dd51aab5f0eb74275adca6be5b71bcea47e440ab1e25dc2a4916ce8863296
-
SSDEEP
196608:lTm437e14Mv+3YVr2hOjWuHMuWjwgzc0G:Iue+MxVslungz/G
Malware Config
Targets
-
-
Target
6973a7fe5c9810f2751dbc1393cc0940_NeikiAnalytics.exe
-
Size
6.2MB
-
MD5
6973a7fe5c9810f2751dbc1393cc0940
-
SHA1
1a0c1d33c7a9dbede3c161052e4b8240c54a58bc
-
SHA256
6bbcf899efc405a2323736097ed27200a0bbe717c4ce4718d50ca086e2012f50
-
SHA512
43030581de024d667a78f9c24d5d80b93bc41e09233d0a82e17bb89bdcc5ea19a69dd51aab5f0eb74275adca6be5b71bcea47e440ab1e25dc2a4916ce8863296
-
SSDEEP
196608:lTm437e14Mv+3YVr2hOjWuHMuWjwgzc0G:Iue+MxVslungz/G
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-