Extracted

• • Target

    e9334d264d8fa5fcd8d50385bec8e4e4_JaffaCakes118

  • Size

    716KB

  • MD5

    e9334d264d8fa5fcd8d50385bec8e4e4

  • SHA1

    00becda0dea2b5b5ea2fd9f4f220a78239930e1f

  • SHA256

    505ce8fcaa21b5fe5678571f794eab2477fb4e0e7dea90796e08ce1206ac4d1f

  • SHA512

    d58ca114a747cf5f667502f3d212b6c04a8bc6ce401ed72290a45ad1faa26e5922f96572d8a7ea76ac04f4866c76311df56c52e6ac42b1969e0abb79318883e5

  • SSDEEP

    12288:3G4F/HK7ze/YolomgXUV4qG0+A1FK/W3OWRxdwaZb2byKxpQdNpCyuij094D:30q/YiYM4x0+WA/adwaZQZEkijA

  Score

  10^/10

  discoveryagentteslacollectioncredential_accesskeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • AgentTesla payload

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2