Extracted

• • Target

    ef737a50b718f9d4c3331f926edd8e8c_JaffaCakes118

  • Size

    636KB

  • MD5

    ef737a50b718f9d4c3331f926edd8e8c

  • SHA1

    10a6cf02f6ebbd93212782122800e4978172d579

  • SHA256

    19b7ae6956a38825ac143952843f6e046c642a9dc635e18d4f84dcff4568c142

  • SHA512

    8f1aff36697d0d7544d96bc3ed949f79d8627c45328fec300bcfcb91f8378a7be62d271e51adc36f6d63fc2e62c157b006dfe9291125a040cd2b03a17053ba81

  • SSDEEP

    12288:6C+Pupk1AE4++rM4FdPEbw+Sf6ygbL7EKzIlxoQ7aIrDv8E0FKIa:NUAE4RrJFdPrmuIQWIrDZMna

  Score

  10^/10

  agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2