General
-
Target
a930a62acfc4ec3af94621bb1363556f3a1f4498f80ac06a5d09dffa00a2ec3f_NeikiAnalytics.exe
-
Size
1.2MB
-
Sample
240628-ytx3fs1amc
-
MD5
dcee3ba73e20f89251df17ff5b8b3400
-
SHA1
cd183d5b6bc9f7fd62fbf14eb18d90cd9366cd76
-
SHA256
a930a62acfc4ec3af94621bb1363556f3a1f4498f80ac06a5d09dffa00a2ec3f
-
SHA512
0060d3fa76e5e64b68328e84da3434cbbfc70825e105e2a694894c84c30100b2a2b546c50d514304bced0d9ec20ef950c962eb2c2c97cb0bf8bcf4ac65232008
-
SSDEEP
24576:zAHnh+eWsN3skA4RV1Hom2KXMmHa0r6nnjqKoepvJ6JCX9joldGzo5:+h+ZkldoPK8YanjqKoeph6k9jt6
Static task
static1
Behavioral task
behavioral1
Sample
a930a62acfc4ec3af94621bb1363556f3a1f4498f80ac06a5d09dffa00a2ec3f_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a930a62acfc4ec3af94621bb1363556f3a1f4498f80ac06a5d09dffa00a2ec3f_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.famas.vn
Port: 587
Username: [email protected]
Password: Ilovefamas
Email To: [email protected]
Targets
-
-
Target
a930a62acfc4ec3af94621bb1363556f3a1f4498f80ac06a5d09dffa00a2ec3f_NeikiAnalytics.exe
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-