Extracted

• • Target

    JaffaCakes118_8195933d86c3d1c32779574cee331e37

  • Size

    1.3MB

  • MD5

    8195933d86c3d1c32779574cee331e37

  • SHA1

    6ca5c19d8d6d6268b0c9e04e149e7d8ec5ca4197

  • SHA256

    a9993c32ba563caa1d5189a138ebd607fa15cfbbf9dd6124f11215f9803cc036

  • SHA512

    ad4ee8dcd1ed22d1dac2f97f60cba69f89605873b0ca465bf9df644ee8721e22bad5fd2305c5f230f42497e2997637bdb56abbb58073061f731665d7f5c7212f

  • SSDEEP

    12288:PHLwA5XPo7/fBSkkkkkkkkkkkkkkx9L+kIkkvkkkkkkkk7ZLyszVNA87b8CoirI8:PH8A5A7klIGs087PoitB+JS6afj7

  Score

  10^/10

  agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • AgentTesla payload

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2