Extracted

• • Target

    JaffaCakes118_d191a5f798830359f259ba7d2d21a010

  • Size

    759KB

  • MD5

    d191a5f798830359f259ba7d2d21a010

  • SHA1

    b5d4e728cae2a269cc4a0e37ead009a7db92f008

  • SHA256

    c3885d765316e76d38f9a4635d49a66818f8def0cb845609721b4f9c4e3ec829

  • SHA512

    1cfe15d7985df1925749cf52516e8c1d1453f471fe96bafec10fe98fa06e1c9087de995d03dc656f5ca12014f6c3ae4dfc76a325459059c4a5f95f87b05bebe4

  • SSDEEP

    1536:NcGaFcSm8djmBTdDaalZfN6OUapCUlmpVs7ab/vDMuBZubpvG+K3LTbPdTfnX4mA:Z

  Score

  10^/10

  agentteslacollectioncredential_accessdiscoveryexecutionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • AgentTesla payload

  • Drops file in Drivers directory

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2