General

  • Target

    fc9e2df82fdda41c3cbbe5037c9afa51_JaffaCakes118

  • Size

    792KB

  • Sample

    240928-s5sn8awcqf

  • MD5

    fc9e2df82fdda41c3cbbe5037c9afa51

  • SHA1

    ff6576a6d5d23d775a4960b7ccbb5727044501c9

  • SHA256

    8ceba0ecd94e885f32b2e9b68373691b43887e70f6bc903878fdb74551fc919d

  • SHA512

    5f274914d0d409d467bbca42c18be3df3d46289a5b1e9716afde21d9cbc07b8acc7439202fd8678881597fbe3ae698fdbec8ac0ea509bbe15410af27a3038e4c

  • SSDEEP

    12288:GjbBOJuk1EYLwotbltPbjn1gFi7Vik4BKVToDdE0iKKEDB:dn7LPXVui7ViFrRDi+9

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.knmbz.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    $rGTkHr0

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks