Extracted

• • Target

    278462f6e98c795e1f617ebb63cd9b70_JaffaCakes118

  • Size

    820KB

  • MD5

    278462f6e98c795e1f617ebb63cd9b70

  • SHA1

    a8e8279359d48aea2980a3d9ef3e0c682ebf13cd

  • SHA256

    f92b0ac5d72a8bead386ad9bca4fb51523f2da63f6d3a2e195bc0e83765022c1

  • SHA512

    305232be4197314dee85cd4fcf17fe5433655c66028fcd9c366c19ee963db3de0e1826c34b97a7cb2b1566cbbb170091b9d51ae58bf5df0c4d8be71a05575f2a

  • SSDEEP

    12288:21Cw+Jc8uvx6k9y/n93aPtwQKp2pUsdRB0HK7zS6L5cAI7RGZPqKv6jVne59wXWi:ty2939QJdxW6dcAI9GZPRydezDWIO

  Score

  10^/10

  agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2