Extracted

• • Target

    fa8a727c5c81364a6e4f405965f7a516_JaffaCakes118

  • Size

    770KB

  • MD5

    fa8a727c5c81364a6e4f405965f7a516

  • SHA1

    eda6ceba474fc409c008c7311b26e5514c988c34

  • SHA256

    1c06a29a4078bc203b0b31f8736940cbd58adb8934128147bd454c87902cb0de

  • SHA512

    2b332c908f751a243c4f37992fed27459785ed41b6a930a4f51688fcd9455871c4ca180b8e2f653a3925a4e0fac6b640871bc865ab0b4429cfc2724c7d9723e2

  • SSDEEP

    12288:m3APyh5OSbu8O+8EnUEQQwVXMtDr+erO52JPqevkATp2pYiGG5TCNVEvHIDWbzPD:q5Lr4rOX5upAQZZ

  Score

  10^/10

  agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2