Extracted

• • Target

    ffb39a1c35afd8da8fd2ec9cc9e6a3bc_JaffaCakes118

  • Size

    586KB

  • MD5

    ffb39a1c35afd8da8fd2ec9cc9e6a3bc

  • SHA1

    d23b985fe9f2a839b7a98b9ce5edcc290e490942

  • SHA256

    7025646051d3e7f66b4ec927311cb7734c12ce5085335bca85251022e8ae7bcd

  • SHA512

    a6b4c55b762d9303d8864152fd15456dc45680eb9b73219b52614efcdc5bc79e4ad60d3abb571a1a4c2808695269d161e6476448b8ba0df9916f69da53d1733c

  • SSDEEP

    12288:F0zKcrXld21fNlRUcUInJdxTZxz4vmV++3lRUo4+ih8O5KUA2DEPrGx7z7jxwVTo:F1W6vnfFPQ+1BPih8lrGxv7+tT

  Score

  10^/10

  discoveryagentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2