Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
999bdc15ad8a7389ba2464b9a605f5c6bbc828a389b1ff9a91859809229f3252_NeikiAnalytics.exe
-
Size
1.2MB
-
Sample
240628-qhdknsthnj
-
MD5
5a4cb77baea8a215ba8a08918c033fd0
-
SHA1
715031284dcb04d35eb47bf2cf2374b13afe895d
-
SHA256
999bdc15ad8a7389ba2464b9a605f5c6bbc828a389b1ff9a91859809229f3252
-
SHA512
83a7a97aa984246ea7d5b643a50d00af752f772ce29b1c8212c7f20e0a721727aacf27b2a30da8f35e1969a4920b2a5531ce5519665440d7f0959ce02553910b
-
SSDEEP
24576:7AHnh+eWsN3skA4RV1Hom2KXMmHa/8TFDlXNfwYz5:Wh+ZkldoPK8Ya/yjOk
Static task
static1
Behavioral task
behavioral1
Sample
999bdc15ad8a7389ba2464b9a605f5c6bbc828a389b1ff9a91859809229f3252_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
999bdc15ad8a7389ba2464b9a605f5c6bbc828a389b1ff9a91859809229f3252_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.oconorpower.com.ar - Port:
587 - Username:
[email protected] - Password:
$Micre3078@Jup - Email To:
[email protected]
Targets
-
-
Target
999bdc15ad8a7389ba2464b9a605f5c6bbc828a389b1ff9a91859809229f3252_NeikiAnalytics.exe
-
Size
1.2MB
-
MD5
5a4cb77baea8a215ba8a08918c033fd0
-
SHA1
715031284dcb04d35eb47bf2cf2374b13afe895d
-
SHA256
999bdc15ad8a7389ba2464b9a605f5c6bbc828a389b1ff9a91859809229f3252
-
SHA512
83a7a97aa984246ea7d5b643a50d00af752f772ce29b1c8212c7f20e0a721727aacf27b2a30da8f35e1969a4920b2a5531ce5519665440d7f0959ce02553910b
-
SSDEEP
24576:7AHnh+eWsN3skA4RV1Hom2KXMmHa/8TFDlXNfwYz5:Wh+ZkldoPK8Ya/yjOk
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-