General

  • Target

    86b89f89b2bb42c76136c31d1024ff10_NeikiAnalytics.exe

  • Size

    346KB

  • Sample

    240609-tkh5qacb81

  • MD5

    86b89f89b2bb42c76136c31d1024ff10

  • SHA1

    86c48d9749104f29aab0f73884e5be79642eaea8

  • SHA256

    bf98b9056f93b748819f842b5811f0feba4ce15e2efa7afbb46d688fc1b6d6b0

  • SHA512

    3c5ca5a33fc32a445be6929cf38e21b06d479c19d733ef778a8a44b091410d0a4d380240ea7a9e65f61aa2dc449a88b0085d9078f4014bf2377066ec0f055790

  • SSDEEP

    6144:OQ606xHPOp6WkN8v/UTc5T9RHnWuKqLhjtrOTI2/vMssTyCRLbz8KHvtdOTOlRh:o2QWO8HkcFWujLlx/RlTyaPz8m+6Rh

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      86b89f89b2bb42c76136c31d1024ff10_NeikiAnalytics.exe

    • Size

      346KB

    • MD5

      86b89f89b2bb42c76136c31d1024ff10

    • SHA1

      86c48d9749104f29aab0f73884e5be79642eaea8

    • SHA256

      bf98b9056f93b748819f842b5811f0feba4ce15e2efa7afbb46d688fc1b6d6b0

    • SHA512

      3c5ca5a33fc32a445be6929cf38e21b06d479c19d733ef778a8a44b091410d0a4d380240ea7a9e65f61aa2dc449a88b0085d9078f4014bf2377066ec0f055790

    • SSDEEP

      6144:OQ606xHPOp6WkN8v/UTc5T9RHnWuKqLhjtrOTI2/vMssTyCRLbz8KHvtdOTOlRh:o2QWO8HkcFWujLlx/RlTyaPz8m+6Rh

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic .NET); it matches the agenttesla family extracted above.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent, a common anti-virtualization / sandbox-evasion check.

    • Loads dropped DLL

      Loads a DLL the sample itself wrote to disk; here the NSIS System plugin ($PLUGINSDIR/System.dll, listed below), which NSIS installers extract to a temporary plugins directory before loading it.

    • Legitimate hosting services abused for malware hosting/C2

      Contacts a legitimate hosting or file-sharing service for payload retrieval or command and control, so the traffic blends in with normal use of that service.

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Creates a thread with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag, so an attached debugger receives no events for that thread (anti-debugging).

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger (0x11) information class, which stops the calling thread from delivering debug events to an attached debugger (anti-debugging).

    • Suspicious use of SetThreadContext

      Rewrites the register context of another thread, typically the main thread of a suspended child process, which is the hallmark of process hollowing used to run the unpacked payload.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      8b3830b9dbf87f84ddd3b26645fed3a0

    • SHA1

      223bef1f19e644a610a0877d01eadc9e28299509

    • SHA256

      f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37

    • SHA512

      d13cfd98db5ca8dc9c15723eee0e7454975078a776bce26247228be4603a0217e166058ebadc68090afe988862b7514cb8cb84de13b3de35737412a6f0a8ac03

    • SSDEEP

      192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz

    Score
    3/10
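The hashes above are the report's file indicators. The script below is an added example, not part of the sandbox report, showing how to turn them into a hash-based IOC matcher: the digests in IOCS are copied from the report, the confidence levels are an assumption based on the report's per-target scores (the NSIS System plugin ships with many benign installers, hence the 3/10 score), and the demo bytes at the bottom are constructed and will not match. A weak-hash-only hit (MD5 or SHA1 without the matching SHA256) is flagged rather than trusted, since MD5 collisions are practical.

```python
"""File-hash IOC matcher built from the indicators in this report.

Added example, not part of the sandbox report. The digests in IOCS are copied
from the report; the demo bytes at the bottom are constructed and do not match.
"""
import hashlib
from pathlib import Path
from typing import Dict, Iterator, List, Tuple

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# digest -> (label, confidence). Confidence is an assumption derived from the
# report: the dropper itself is high, the NSIS System.dll plugin (scored 3/10
# because countless benign installers carry it) is low.
DROPPER = "86b89f89b2bb42c76136c31d1024ff10_NeikiAnalytics.exe (AgentTesla dropper)"
PLUGIN = "$PLUGINSDIR/System.dll (NSIS System plugin)"
IOCS: Dict[str, Tuple[str, str]] = {
    "86b89f89b2bb42c76136c31d1024ff10": (DROPPER, "high"),
    "86c48d9749104f29aab0f73884e5be79642eaea8": (DROPPER, "high"),
    "bf98b9056f93b748819f842b5811f0feba4ce15e2efa7afbb46d688fc1b6d6b0": (DROPPER, "high"),
    "3c5ca5a33fc32a445be6929cf38e21b06d479c19d733ef778a8a44b091410d0a4d380240ea7a9e65f61aa2dc449a88b0085d9078f4014bf2377066ec0f055790": (DROPPER, "high"),
    "8b3830b9dbf87f84ddd3b26645fed3a0": (PLUGIN, "low"),
    "223bef1f19e644a610a0877d01eadc9e28299509": (PLUGIN, "low"),
    "f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37": (PLUGIN, "low"),
    "d13cfd98db5ca8dc9c15723eee0e7454975078a776bce26247228be4603a0217e166058ebadc68090afe988862b7514cb8cb84de13b3de35737412a6f0a8ac03": (PLUGIN, "low"),
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory buffer with every algorithm the report publishes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGORITHMS}


def hash_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digest a file in one streaming pass; the sample is only 346KB, but
    dropped payloads and installer caches can be large."""
    hashers = {algo: hashlib.new(algo) for algo in ALGORITHMS}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(digests: Dict[str, str],
               iocs: Dict[str, Tuple[str, str]] = IOCS) -> List[Tuple[str, str, str]]:
    """Return (algorithm, label, confidence) for every digest found in the IOC set.

    A hit on MD5 or SHA1 whose label is not also confirmed by a SHA256/SHA512
    hit is reported as 'collision?' instead of the feed's confidence: MD5
    collisions are cheap to construct, so verify against the strong hash.
    """
    hits = [(algo, *iocs[d.lower()]) for algo, d in digests.items() if d.lower() in iocs]
    strong = {label for algo, label, _ in hits if algo in ("sha256", "sha512")}
    return [
        (algo, label, conf if algo in ("sha256", "sha512") or label in strong else "collision?")
        for algo, label, conf in hits
    ]


def scan_tree(root: Path,
              iocs: Dict[str, Tuple[str, str]] = IOCS) -> Iterator[Tuple[str, str, str, str]]:
    """Walk a directory (for example %TEMP%, where NSIS unpacks $PLUGINSDIR) and
    yield (path, algorithm, label, confidence) for every matching file."""
    for path in root.rglob("*"):
        if path.is_file():
            for hit in match_iocs(hash_file(path), iocs):
                yield (str(path),) + hit


if __name__ == "__main__":
    # Constructed stand-in bytes with a PE-looking header; not the real sample.
    demo = b"MZ\x90\x00" + b"constructed stand-in, not the real sample"
    print(hash_bytes(demo)["sha256"], match_iocs(hash_bytes(demo)))
```

Run `scan_tree(Path(r"%TEMP%"))` (expanded) on a suspect host to sweep for both the dropper and the extracted plugin; treat a lone low-confidence System.dll hit as a prompt to look for the dropper, not as a detection in itself.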

MITRE ATT&CK Enterprise v15

Tasks