Extracted

• • Target

    cf2e53eead99c4e7921b768bd649b7c3_JaffaCakes118

  • Size

    896KB

  • MD5

    cf2e53eead99c4e7921b768bd649b7c3

  • SHA1

    7ab8f464e6945d87b6377d48a02f82da856009b3

  • SHA256

    6a60a4591be2d9e721c3280d36b7594c93799bd695b45091b8db96b0b50d3b56

  • SHA512

    eed3fad2795df0731242a22a3ef7c5af11d1ad137148c9b59a3ca44ad7f4e2c32c1e8cb1198571ebd3fa40c65af2086cbdc78e2ee7c1d4ad08d4b6422662a248

  • SSDEEP

    12288:SwGWFlnztZi9709q7G13E3b6CsNTkdSAXuH342Wtg2pDJUL3g8RJB9sngma31CJp:SQHztZuHr6+WuDJAnugfA2

  Score

  10^/10

  agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2