#originlogger — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #originlogger, aggregated by home.social.
-
#xworm dropping #originlogger , and reusing #remcos c2:
https://app.any.run/tasks/9e32da84-ba55-4ac9-96f2-b7ff02d15d6b
-
2024-11-25 (Monday): I love it when criminals email malware directly to my inbox. This one is #AgentTesla (or #OriginLogger or whatever it's called now) using FTP for data exfiltration.
It sends harvested login credentials, browser cookies and keylogger data to an FTP server at ftp.ercolina-usa[.]com approx every 10 minutes.
As noted in one of the images, two-letter indicators in the file names indicate the type of exfiltrated data:
PW = login credentials harvested from the infected Windows host (passwords)
CO = cookies and other data from web browsers on the infected host
KL = keylogger data from any collected keystrokes on the infected host
Attached disk image file: https://bazaar.abuse.ch/sample/7a11d2d4ea5b0bf486c6e6695ff919e58aa54babb77061f4bbfe476ce1ec1738
Extracted AgentTesla EXE: https://bazaar.abuse.ch/sample/2362b4a5329f506af677d1e4cac2b92da252afdf4842bf4e8796b43c4ccb6714
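The FTP exfiltration pattern described in the post above (STOR uploads to ftp.ercolina-usa[.]com roughly every 10 minutes, with a two-letter PW/CO/KL code in the file name) turned into detection logic run over a constructed sample FTP log. This is an added example, not code from the post's author: the tab-separated log layout, the assumption that the two-letter code is the leading file-name token followed by an underscore, and the sample file names and IPs are all constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Two-letter type codes named in the post and what they indicate.
EXFIL_CODES = {
    "PW": "harvested credentials",
    "CO": "browser cookies",
    "KL": "keylogger data",
}
# Exfil server named in the post (written defanged there as ftp.ercolina-usa[.]com).
KNOWN_EXFIL_SERVERS = {"ftp.ercolina-usa.com"}
# Assumption (not from the post): the code is the first two characters of the
# uploaded file name, followed by an underscore.
CODE_RE = re.compile(r"^(PW|CO|KL)_", re.IGNORECASE)

# Constructed sample log (not real traffic), tab-separated:
# epoch timestamp, client IP, FTP server host, FTP command, command argument.
SAMPLE_LOG = """\
1732530000\t10.0.0.15\tftp.ercolina-usa.com\tSTOR\tPW_DESKTOP-1_2024_11_25_09_00_00.html
1732530600\t10.0.0.15\tftp.ercolina-usa.com\tSTOR\tCO_DESKTOP-1_2024_11_25_09_10_00.zip
1732531200\t10.0.0.15\tftp.ercolina-usa.com\tSTOR\tKL_DESKTOP-1_2024_11_25_09_20_00.html
1732531800\t10.0.0.15\tftp.ercolina-usa.com\tSTOR\tPW_DESKTOP-1_2024_11_25_09_30_00.html
1732530100\t10.0.0.22\tftp.example.net\tSTOR\tquarterly_report.pdf
1732530200\t10.0.0.22\tftp.example.net\tRETR\tinvoice.pdf
"""


def parse_log(text):
    """Yield (ts, client, server, command, argument) from the constructed format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, server, cmd, arg = line.split("\t")
        yield float(ts), client, server, cmd.upper(), arg


def upload_type(filename):
    """Return the data type a STOR file name indicates, or None if no code matches."""
    m = CODE_RE.match(filename)
    return EXFIL_CODES[m.group(1).upper()] if m else None


def find_exfil(text, expected_interval=600, tolerance=0.25, min_uploads=2):
    """Group STOR commands per client and flag clients whose uploads either carry
    the PW/CO/KL codes or go to a known exfil server; also report whether the
    upload cadence matches the ~10-minute interval the post describes."""
    uploads = defaultdict(list)
    for ts, client, server, cmd, arg in parse_log(text):
        if cmd == "STOR":
            uploads[client].append((ts, server, arg))

    hits = {}
    for client, rows in uploads.items():
        rows.sort()
        data_types = {t for _, _, name in rows if (t := upload_type(name))}
        servers = {s for _, s, _ in rows}
        known = bool(servers & KNOWN_EXFIL_SERVERS)
        if not data_types and not known:
            continue  # benign-looking uploads: no type code, no known server
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])]
        periodic = (
            len(rows) >= min_uploads
            and bool(gaps)
            and abs(median(gaps) - expected_interval) <= tolerance * expected_interval
        )
        hits[client] = {
            "uploads": len(rows),
            "servers": sorted(servers),
            "data_types": sorted(data_types),
            "known_server": known,
            "periodic": periodic,
        }
    return hits


if __name__ == "__main__":
    for client, info in find_exfil(SAMPLE_LOG).items():
        print(client, info)
```

The cadence check is deliberately loose (median gap within 25% of 600 s) because the post says "approx every 10 minutes"; the file-name code and the known server are each sufficient on their own to surface a client, and the cadence is reported as corroborating context rather than used as a filter.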
-
More #hagga via booking . com #malspam pdf -> js -> #originlogger
https://app.any.run/tasks/6e0e4947-fd2e-4d97-855a-a3b4cc9d819b
-
Some fresh #hagga -> #originlogger via booking . com:
https://app.any.run/tasks/d7fe276d-82e2-421c-92c5-8b0e4a9a65e5
-
Quite possibly the oddest #originlogger sample I've seen:
https://app.any.run/tasks/58764c9c-d6aa-4acf-9fb0-d5d4c803b925
-
Here's some data analysis on the victims of the popular infostealer #AgentTesla aka #OriginLogger🔑⌨️🪵 https://www.bitsight.com/blog/data-insights-agenttesla-and-originlogger-victims
-
New blog post! In this one I look at a downloader that executes #OriginLogger documented by Unit42 and @malware_traffic. Lots of .NET code in this one. https://forensicitguy.github.io/net-downloader-originlogger/