General

  • Target

    5d6a7e6ac30d9be77d59c170a26d8050_NeikiAnalytics.exe

  • Size

    773KB

  • Sample

    240617-hqb3tatbkm

  • MD5

    5d6a7e6ac30d9be77d59c170a26d8050

  • SHA1

    2e03281aa6d7895e6b6f779466db59d0e339ea91

  • SHA256

    d3238e34d3a2f459d4c577c1e45fd7a4f2eb97847203c8b04ad613331b04ad56

  • SHA512

    7161ef66cd6dabc4209ad19c9c5daef1a1f71dfc236fb2ef22555a68243da73cb3e5e5985c77de28bc96979d730eb911ebbd6a809759b3a723dc45c1decdfc0d

  • SSDEEP

    12288:K72iNPyCK2xrOoMdoQwPQsuod6DkMnQtn9hE0A5i8sszIa88hJkWXQB/nHQZwukR:q15yC5M2QIQsPskMn2nUkUP88hG/HQu1

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.fosna.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    =A+N^@~c]~#I

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks