General
-
Target
4da9ba264ccd1adb674ee55c48a4cb10ac938ce5c89e5fa781a495fb81e48317_NeikiAnalytics.exe
-
Size
650KB
-
Sample
240701-ndvbhsycnb
-
MD5
5108d0d50f38d769eaf51042ca8ea800
-
SHA1
d38ee4b8ce20ff4bd5baead1f71bfa51a0e5fe0f
-
SHA256
4da9ba264ccd1adb674ee55c48a4cb10ac938ce5c89e5fa781a495fb81e48317
-
SHA512
d87d50c21e78dfa05324250276e953ec37d9c01aae8dee5761b8df99221a874a37cd3d10ecdbd44451013479e5bacff02ed87eca6135e7795caaa16f937f8fed
-
SSDEEP
12288:m99glhPbCawC2PiYfaLycBSmb26nWtm41C2Gh105qJVpRnhA8pfPs/:mQwhqYyLycBSmb26nWtHezvp1hT
Static task
static1
Behavioral task
behavioral1
Sample
4da9ba264ccd1adb674ee55c48a4cb10ac938ce5c89e5fa781a495fb81e48317_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
4da9ba264ccd1adb674ee55c48a4cb10ac938ce5c89e5fa781a495fb81e48317_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://beirutrest.com - Port:
21 - Username:
[email protected] - Password:
9yXQ39wz(uL+
Extracted
Protocol: ftp- Host:
beirutrest.com - Port:
21 - Username:
[email protected] - Password:
9yXQ39wz(uL+
Targets
-
-
Target
4da9ba264ccd1adb674ee55c48a4cb10ac938ce5c89e5fa781a495fb81e48317_NeikiAnalytics.exe
-
Size
650KB
-
MD5
5108d0d50f38d769eaf51042ca8ea800
-
SHA1
d38ee4b8ce20ff4bd5baead1f71bfa51a0e5fe0f
-
SHA256
4da9ba264ccd1adb674ee55c48a4cb10ac938ce5c89e5fa781a495fb81e48317
-
SHA512
d87d50c21e78dfa05324250276e953ec37d9c01aae8dee5761b8df99221a874a37cd3d10ecdbd44451013479e5bacff02ed87eca6135e7795caaa16f937f8fed
-
SSDEEP
12288:m99glhPbCawC2PiYfaLycBSmb26nWtm41C2Gh105qJVpRnhA8pfPs/:mQwhqYyLycBSmb26nWtHezvp1hT
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-