Extracted

• • Target

    4c054745c3380e57030f39f95139b09a_JaffaCakes118

  • Size

    821KB

  • MD5

    4c054745c3380e57030f39f95139b09a

  • SHA1

    77973102d0831bafe1f52f56ac8bd37251be193c

  • SHA256

    ab31adfeabb7c40d485b9926f5c9ad2c51605202546aa5619163a0165e31b10f

  • SHA512

    7ec57b200eda5082f6fe59c3727e2f3b3a24f8102a5fd50bd54a65cda18f1898ba07f17ebd11469891128014391f9c0eb16a341e6014e02aac5169ac642a7d32

  • SSDEEP

    12288:4/nca2PRPUGeR7rfaKSosz/Vz+sg+zrYIZI85OAYxI8cRIXieQGzPyDXfHkS9/jz:4fca2teR/SfoCMkrX0As9yeQGzu0

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2