#originlogger #malware at:

https://github\.com/jaybobo1/Supplier

c2: mail.dndmelectrical\.co\.za

2024-11-25 (Monday): I love it when criminals email malware directly to my inbox. This one is #AgentTesla (or #OriginLogger or whatever it's called now) using FTP for data exfiltration.

It sends harvested login credentials, browser cookies and keylogger data to an FTP server at ftp.ercolina-usa[.]com approx. every 10 minutes.

As noted in one of the images, two-letter indicators in the file names indicate the type of exfiltrated data:

PW = login credentials harvested from the infected Windows host (passwords)

CO = cookies and other data from web browsers on the infected host

KL = keylogger data from any collected keystrokes on the infected host.

Attached disk image file: https://bazaar.abuse.ch/sample/7a11d2d4ea5b0bf486c6e6695ff919e58aa54babb77061f4bbfe476ce1ec1738

Extracted AgentTesla EXE: https://bazaar.abuse.ch/sample/2362b4a5329f506af677d1e4cac2b92da252afdf4842bf4e8796b43c4ccb6714


@Irishmasms Garden variety #originlogger

exfil [email protected]

host: mail.eaaa.gr

Today's #malware from 4/12/2024

scan document_doccx.exe.bz2 (#application/x-bzip2, 647.76 kB)
#MD5: 89661fcdb21d7bdcbcf7d88b57589e57
#sha1: 0ab99af2d598137f985b7e0a5448b9bcd9c2e46c
#SHA256: 26e80ec8126b8cf5b13a94e8a0fbea348f8bcc3cd4caab27628921cb908c4a48
#SHA512: cdd07b56a71fb6d7fa0b175a6a60f6d7d03e53394038027e881cbddd77d8a36291ac4511905ac4d45d3fd4c8d55878a1f0e324e927c92848b05f4e9ce1f29702

https://www.filescan.io/uploads/661d66f454bafb7d21cd5ae6/reports/aa1cc1a8-41e3-468e-a87e-f0dd410217f3/overview
https://www.virustotal.com/gui/file/26e80ec8126b8cf5b13a94e8a0fbea348f8bcc3cd4caab27628921cb908c4a48

#spammers #phishing #malicious #maliciousexe

#originlogger #commontrash #common #infostealer

Filescan.IO - Next-Gen Malware Analysis Platform


Analysis file.7z (MD5: A9A66A3B12E85D74D71D5F9677CD3601) Malicious activity - Interactive analysis ANY.RUN


Analysis lnvoice-1445766252.pdf.js (MD5: 258B1E8DE4924787FB4032649A9ACD49) Malicious activity - Interactive analysis ANY.RUN


Analysis Scan 20.02.24.pdf.exe (MD5: 49E3B8BC729FAD60719014E38A369C2F) Malicious activity - Interactive analysis ANY.RUN


Here's some data analysis on the victims of the popular infostealer #AgentTesla aka #OriginLogger🔑⌨️🪵 https://www.bitsight.com/blog/data-insights-agenttesla-and-originlogger-victims
Data Insights on AgentTesla and OriginLogger Victims | Bitsight

AgentTesla (also known as OriginLogger) remains a prevalent commodity stealer, distributed daily, mainly via email attachments.
