home.social

#originlogger — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #originlogger, aggregated by home.social.

  1. #originlogger #malware at:

    https://github\.com/jaybobo1/Supplier

    c2: mail.dndmelectrical\.co\.za

  2. 2024-11-25 (Monday): I love it when criminals email malware directly to my inbox. This one is #AgentTesla (or #OriginLogger or whatever it's called now) using FTP for data exfiltration.

    It sends harvested login credentials, browser cookies and keylogger data to an FTP server at ftp.ercolina-usa[.]com approx every 10 minutes.

    As noted in one of the images, two-letter indicators in the file names indicate the type of exfiltrated data:

    PW = login credentials harvested from the infected Windows host (passwords)

    CO = cookies and other data from web browsers on the infected host

    KL = Keylogger data from any collected keystrokes on the infected host.

    Attached disk image file: bazaar.abuse.ch/sample/7a11d2d

    Extracted AgentTesla EXE: bazaar.abuse.ch/sample/2362b4a
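    A defender-side detection helper for the exfiltration pattern described in this post, added here as an example (it is not code from the post or from any of the posters): it scans logged FTP control-channel commands for uploads whose file names carry the PW/CO/KL indicators and checks whether a client is uploading on the roughly 10-minute cadence mentioned above. The log line layout, the sample lines, and the "XX_" file-name layout are assumptions; only the two-letter indicators and the defanged server name come from the post.

```python
# Added example, not from the posts. Assumed log line format:
#   "<ISO timestamp> <client> <server> <FTP command> <argument>"
# The "XX_" file-name layout is an assumption; only PW/CO/KL come from the post.
from collections import defaultdict
from datetime import datetime
from statistics import median

EXFIL_TAGS = {"PW": "credentials", "CO": "browser cookies/data", "KL": "keylogger data"}

# Constructed sample lines; server name kept defanged as in the post.
SAMPLE_LOG = """\
2024-11-25T09:00:12Z 10.0.0.7 ftp.ercolina-usa[.]com USER redacted
2024-11-25T09:00:14Z 10.0.0.7 ftp.ercolina-usa[.]com STOR PW_DESKTOP-1_2024-11-25.html
2024-11-25T09:10:09Z 10.0.0.7 ftp.ercolina-usa[.]com STOR KL_DESKTOP-1_2024-11-25.html
2024-11-25T09:20:17Z 10.0.0.7 ftp.ercolina-usa[.]com STOR CO_DESKTOP-1_2024-11-25.html
2024-11-25T09:30:11Z 10.0.0.7 ftp.ercolina-usa[.]com STOR PW_DESKTOP-1_2024-11-25.html
2024-11-25T11:02:00Z 10.0.0.9 ftp.example.net STOR report_q4.pdf
"""

def parse_stor_events(log_text):
    """Return (timestamp, client, server, filename, tag) for STOR commands whose
    file name starts with an exfil indicator followed by an underscore."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "STOR":
            continue
        ts, client, server, _, fname = parts
        if len(fname) > 3 and fname[2] == "_" and fname[:2] in EXFIL_TAGS:
            when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
            events.append((when, client, server, fname, fname[:2]))
    return events

def beaconing_pairs(events, expected_min=10.0, tolerance_min=2.0):
    """Return {(client, server): median_gap_minutes} for pairs with at least
    three tagged uploads whose median spacing is near the expected cadence."""
    stamps = defaultdict(list)
    for when, client, server, _, _ in events:
        stamps[(client, server)].append(when)
    hits = {}
    for pair, times in stamps.items():
        times.sort()
        if len(times) < 3:
            continue  # too few uploads to judge a cadence
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        med = median(gaps)
        if abs(med - expected_min) <= tolerance_min:
            hits[pair] = round(med, 1)
    return hits
```

    On the sample lines the unrelated PDF upload is ignored, and the four tagged uploads from 10.0.0.7 are reported with a median gap of about 9.9 minutes.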

  3. New blog post! In this one I look at a downloader that executes #OriginLogger documented by Unit42 and @malware_traffic. Lots of .NET code in this one. forensicitguy.github.io/net-do

    #malware