General
-
Target
5d6a7e6ac30d9be77d59c170a26d8050_NeikiAnalytics.exe
-
Size
773KB
-
Sample
240617-hqb3tatbkm
-
MD5
5d6a7e6ac30d9be77d59c170a26d8050
-
SHA1
2e03281aa6d7895e6b6f779466db59d0e339ea91
-
SHA256
d3238e34d3a2f459d4c577c1e45fd7a4f2eb97847203c8b04ad613331b04ad56
-
SHA512
7161ef66cd6dabc4209ad19c9c5daef1a1f71dfc236fb2ef22555a68243da73cb3e5e5985c77de28bc96979d730eb911ebbd6a809759b3a723dc45c1decdfc0d
-
SSDEEP
12288:K72iNPyCK2xrOoMdoQwPQsuod6DkMnQtn9hE0A5i8sszIa88hJkWXQB/nHQZwukR:q15yC5M2QIQsPskMn2nUkUP88hG/HQu1
Static task
static1
Behavioral task
behavioral1
Sample
5d6a7e6ac30d9be77d59c170a26d8050_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5d6a7e6ac30d9be77d59c170a26d8050_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.fosna.net
Port: 21
Username: [email protected]
Password: =A+N^@~c]~#I
Targets
-
-
Target
5d6a7e6ac30d9be77d59c170a26d8050_NeikiAnalytics.exe
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-