VRad

#Agenttesla_120620

Jun 15th, 2020
#IOC #OptiData #VR #agenttesla #RAT #passwdstealer #FTP

https://pastebin.com/SKNts0Es

previous_contact:
29/10/19 https://pastebin.com/RinpBPvy
03/09/19 https://pastebin.com/zhJvDz8M
09/01/19 https://pastebin.com/MdDfZDdb
16/10/18 https://pastebin.com/d5DxTRrB
04/10/18 https://pastebin.com/JYShuXn4
11/10/18 https://pastebin.com/bkCSvJvM

FAQ:
https://radetskiy.wordpress.com/2018/10/19/ioc_agenttesla_111018/

attack_vector
--------------
email attach .png > URL link > 7zip > exe

email_headers
--------------
Received: from rin43152.imocstudio.com (rin43152.imocstudio.com [82.223.43.152])
Received: from webmail.coelba.cat (localhost.localdomain [127.0.0.1])
Date: Fri, 12 Jun 2020 05:28:30 +0100
From: Олена Кушніренко <proveedores@coelba.cat>
To: undisclosed-recipients:;
Subject: Червневий платіж
User-Agent: Roundcube Webmail/1.4.3
X-Sender: proveedores@coelba.cat

files
--------------
SHA-256 b87ebc342282049b1c016f8a8eb93c4ccd95c9de86c169baf6b914fddbcacde1
File name 1122291890.7z [ 7-zip archive data, version 0.4 ]
File size 237.94 KB (243646 bytes)

SHA-256 0ccd69ab1e1a3514a7934ccf5647a18d1cc171843e719055b3ece0a1e7708fcc
File name 1122291890.exe [ .NET executable ]
File size 613.00 KB (627712 bytes)

SHA-256 4c7ce63cd966e72e5d94f6dc8b0f82cec35b88b1a8d24305c52a7106cdad5ad9
File name InstallUtil.exe [ .NET executable ]
File size 39.67 KB (40624 bytes)

activity
**************
PL_SCR
https://www.mediafire.com/file/bl8v4v4x028vf9z/1122291890.7z/file

C2
77.88.21.158:587 smtp.yandex{.}com

netwrk
--------------
77.88.21.158 smtp.yandex.com

comp
--------------
InstallUtil.exe 3336 TCP 77.88.21.158 587 ESTABLISHED

proc
--------------
C:\Users\operator\Desktop\atesla.exe
C:\tmp\InstallUtil.exe

persist
--------------
n/a

drop
--------------
C:\tmp\InstallUtil.exe

# # #
https://www.virustotal.com/gui/file/b87ebc342282049b1c016f8a8eb93c4ccd95c9de86c169baf6b914fddbcacde1/details
https://www.virustotal.com/gui/file/0ccd69ab1e1a3514a7934ccf5647a18d1cc171843e719055b3ece0a1e7708fcc/details
https://www.virustotal.com/gui/file/4c7ce63cd966e72e5d94f6dc8b0f82cec35b88b1a8d24305c52a7106cdad5ad9/details
https://analyze.intezer.com/#/analyses/fe86343e-1507-4d31-bc30-7ed1ea6844f7

VR