Extracted

• • Target

    759b49238cc787420a29ba23ac177aa7_JaffaCakes118

  • Size

    404KB

  • MD5

    759b49238cc787420a29ba23ac177aa7

  • SHA1

    d873b72fc56c86cd4543bca5ae5ca0ee3046e9b3

  • SHA256

    7ace65e8c9b2a4f79b1e29381e4f9885c6e45a96daf7cbad55cbdbe6cda329a6

  • SHA512

    efb4d611e2b72b865c463c2363e99f1cc7c37b525c8360c9e8b073e40564eb3652388de833f4ed8ee733029a60a0a1f88fba2ef759e5f320b7559b617741d842

  • SSDEEP

    6144:DtLiERQ+3HwOz37lwNcrJp79hVYYb7mZZ1To3bo2amQ4U0Lwh+SrMIt0:YESoPzJTjF+Vo386dUQw8

  Score

  10^/10

  agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2