Extracted

• • Target

    cceb139330512f9c7820a18f87b89062_JaffaCakes118

  • Size

    1.7MB

  • MD5

    cceb139330512f9c7820a18f87b89062

  • SHA1

    e7fb7ee6e060b98b8e5823490aea1015798406fd

  • SHA256

    b045b7b993b005e1930ca50a9eb65df8b62ca29d1dfdbbb28ca6621384172908

  • SHA512

    5594cf5903b58c934ee33c2421e9256a0c5f452d1a9e2521d7ad02b36560fda37caf1f2a637628673273295ccb5303dd6faac4cc3db6ad7f17059998d8700d49

  • SSDEEP

    3072:fVFweCE25tXJ69MXGxjwJBIB6HrUwH3wgbqw7C4wRz/YR7VwwNxC3XrcHwqX0AQr:t

  Score

  10^/10

  agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2