Extracted

• • Target

    02bd38abfe6c9e8c842308bef8ae82a8_JaffaCakes118

  • Size

    454KB

  • MD5

    02bd38abfe6c9e8c842308bef8ae82a8

  • SHA1

    9ccff3a42fc8d175c3bfe3c965a5813ffa888923

  • SHA256

    4a0384c09149fa03c20cb45ac1d5175e9ac750826fab1e4f4fd8a5c16a0d958e

  • SHA512

    4542b78346d0dd836c95f22765531a3304bd604fdb7408ddd3c03e5da4bb14ecdf8e948e7f837b8d0e9d51cc6362fd8c9fe3de90521e3afd3a198547aa5507d4

  • SSDEEP

    12288:fIWlIc4I3RKPYKIwgy4GmXZaylN3K8KFypkq:f9Ic4tt5gn7JpK8KFyC

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2