Extracted

• • Target

    JaffaCakes118_7bdc6d1258a1442db91a82ab5501da7e

  • Size

    763KB

  • MD5

    7bdc6d1258a1442db91a82ab5501da7e

  • SHA1

    5c2bbc7dc1f1e1c9c28a66860c91a02cb2e870fe

  • SHA256

    63d20b4e1123c929cabf35a8c4b8268f0aebb98e38ccdb31918ecb9e530cdc93

  • SHA512

    48bcaa01ba761daf74c4870313b6fb2940de55c54d961fdd1ab3cc6246fae12b9cb89d396558dec4f99ca2aabf07e982059a182d131f50e389cb0259d2b449ae

  • SSDEEP

    1536:CmL1ccSY8Nm7VTdDUa5YCNxZUNCjxlRplDsscMyb1DBUuBqGAfZxdlOEonOsLJTx:o

  Score

  10^/10

  agentteslacollectioncredential_accessdiscoveryexecutionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • AgentTesla payload

  • Drops file in Drivers directory

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2