General

Target: 965cb09abfc02e3bdb40a3f11a8101d0_NeikiAnalytics.exe
Size: 575KB
Sample: 240617-qnxkqsxajj
MD5: 965cb09abfc02e3bdb40a3f11a8101d0
SHA1: 85f0e0ca17e22bb9e68ba2c38d314f64950379f8
SHA256: 80ad1b38f05d2f3aeff417240326f86b54398d3df2edc0e9e49411039f545a12
SHA512: e01e91b9468a183d3cf139e1b6df918d96839a05cf46afd225568739ab730967193f3cd852f339565b9e468d467dce5538776acf7f4cefb7a231e3282011e325
SSDEEP: 12288:x6WQ75T+/ZlWHQ+hbaSuR5MoN2ovFmUBW7STQPXPPT2kuYBzOQeRxyx:xNuTo9+V05qovz8SeXPPX

Static task: static1

Behavioral task: behavioral1
  Sample: 965cb09abfc02e3bdb40a3f11a8101d0_NeikiAnalytics.exe
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 965cb09abfc02e3bdb40a3f11a8101d0_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: terminal4.veeblehosting.com
Port: 587
Username: [email protected]
Password: Ifeanyi1987@
Email To: [email protected]
Targets
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext