Attachments
(442.18 KiB) Downloaded 36 times
markusg wrote: ↑Sat Apr 07, 2018 3:08 am https://www.virustotal.com/#/file/a0a3a ... /detectionproxy_z_obejsciem.rar
This is a password stealer. The author seems to call it "Educational Stealer".
Downloads and executes "http://www.blazingpacketv2.cba.pl/1.exe", "2.exe", "3.exe" and "4.exe".
Uploads results "1.txt", "2.txt", "3.txt" and "4.txt" via FTP to "ftp://cba.pl/", logs in as "admin@mkoesapi.cba.pl" with password "123Qweasdzxc".
Unpacked in attach
