API tools faq
paste
VRad

#Agenttesla_150620

VRad
Jun 15th, 2020
399
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.38 KB | None | 0 0
raw download clone embed print report
  1. #IOC #OptiData #VR #agenttesla #RAT #passwdstealer #FTP
  2.  
  3. https://pastebin.com/pma5MQAW
  4.  
  5. previous_contact:
  6. 12/06/20 https://pastebin.com/SKNts0Es
  7. 29/10/19 https://pastebin.com/RinpBPvy
  8. 03/09/19 https://pastebin.com/zhJvDz8M
  9. 09/01/19 https://pastebin.com/MdDfZDdb
  10. 16/10/18 https://pastebin.com/d5DxTRrB
  11. 04/10/18 https://pastebin.com/JYShuXn4
  12. 11/10/18 https://pastebin.com/bkCSvJvM
  13.  
  14. FAQ:
  15. https://radetskiy.wordpress.com/2018/10/19/ioc_agenttesla_111018/
  16.  
  17. attack_vector
  18. --------------
  19. email attach .png > URL link > 7zip > exe
  20.  
  21. email_headers
  22. --------------
  23. Received: from rin43152.imocstudio.com (rin43152.imocstudio.com [82.223.43.152])
  24. Received: from webmail.ferrallados.es (localhost.localdomain [127.0.0.1])
  25. Date: Mon, 15 Jun 2020 04:14:01 +0100
  26. From: Сьюзан Бойко <[email protected]>
  27. To: undisclosed-recipients:;
  28. Subject: Новий ордер на купівлю #15060012
  29. User-Agent: Roundcube Webmail/1.4.3
  30. X-Sender: [email protected]
  31. Return-Path: [email protected]
  32.  
  33. files
  34. --------------
  35. SHA-256 0d1dbc780abe80489dd8661ab0d3de7f1915e0ea52d17705cbbac43921e420f1
  36. File name 15060012.7z [7-zip archive data, version 0.4]
  37. File size 237.17 KB (242858 bytes)
  38.  
  39. SHA-256 c0beca8181828e29cf435168b33e8d535f6a84be95e9f88b739867e7a4a1c11b
  40. File name 15060012.exe [ .NET executable ]
  41. File size 614.50 KB (629248 bytes)
  42.  
  43. SHA-256 978a4093058aa2ebf05dc353897d90d950324389879b57741b64160825b5ec0e
  44. File name AddInProcess32.exe [ .NET executable ]
  45. File size 41.09 KB (42080 bytes)
  46.  
  47. activity
  48. **************
  49. PL_SCR
  50. https://www.mediafire.com/file/c3pe7lverm3bpsp/15060012.7z/file
  51.  
  52.  
  53. C2
  54. 77.88.21.158:587 smtp.yandex{.} com
  55.  
  56. netwrk
  57. --------------
  58. 77.88.21.158 smtp.yandex.com
  59.  
  60. comp
  61. --------------
  62. AddInProcess32.exe 3268 TCP 77.88.21.158 587 ESTABLISHED
  63.  
  64. proc
  65. --------------
  66. C:\Users\operator\Desktop\15060012.exe
  67. C:\tmp\AddInProcess32.exe
  68.  
  69. persist
  70. --------------
  71. n/a
  72.  
  73. drop
  74. --------------
  75. C:\tmp\AddInProcess32.exe
  76.  
  77. # # #
  78. https://www.virustotal.com/gui/file/0d1dbc780abe80489dd8661ab0d3de7f1915e0ea52d17705cbbac43921e420f1/details
  79. https://www.virustotal.com/gui/file/c0beca8181828e29cf435168b33e8d535f6a84be95e9f88b739867e7a4a1c11b/details
  80. https://www.virustotal.com/gui/file/978a4093058aa2ebf05dc353897d90d950324389879b57741b64160825b5ec0e/details
  81. https://analyze.intezer.com/#/analyses/8b154c71-5e67-4405-af7d-661a24b78383
  82.  
  83. VR
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!