Extracted

• • Target

    36213366032b22701866fccdfd9620c9_JaffaCakes118

  • Size

    877KB

  • MD5

    36213366032b22701866fccdfd9620c9

  • SHA1

    d06f0bc6b3ec9a24d07c7664dae83c62169415c0

  • SHA256

    ee4b55a0b460933a61523d5c7ba71f9a4723323f31791777560b63f829f9e2bd

  • SHA512

    dc1d17983e5f66d4c9c637cd7c2df577d9c36074905e4265e236104c77e96685a6f5d7dea9f41f4b2513c0e2306bb67a04d6df6dd5b40a7b579794b3e2dcac97

  • SSDEEP

    12288:MRZeaQdjwAGJHK7zFxSxJdKs84kIlNoEzzgNsu04BtIw0xSTZGVzBFjHP:ieaArnSnL8BxigNsuTB2MZ+z/jHP

  Score

  10^/10

  agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2