Sharing a #STRT blog on #AgentTesla malware analysis and detections. In this article we include some tips on how you can use a fake SMTP server to see the exfiltrated data from the attacker's side. 😀
1. modify the #agenttesla SMTP setup: disable SMTP SSL
2. then set up your fake or dummy SMTP server. In this analysis I use this great tool, #smtpdev.
https://github.com/rnwood/smtp4dev
After the setup you have the attacker's view as the sample sends the screenshot, keylogs and browser databases/info (in a .zip) to your fake SMTP server.
For #Splunk analytics, here is the link to the #agenttesla analytic story: https://research.splunk.com/stories/agenttesla/
#malware #int3 #reverseengineering #BlueTeam #cybersecurity #incidentresponse
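To show what the fake server actually receives once SSL is off, here is an added example (not code from the original post or from smtp4dev): a minimal cleartext SMTP sink that plays smtp4dev's role plus a MIME summariser that lists the attachments, driven by a constructed client session with placeholder addresses and placeholder zip bytes.

```python
# Added example, not code from the original post or from smtp4dev; the session below is constructed.
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

def smtp_sink(client_lines):
    """Minimal SMTP server state machine: feed it the client's lines (minus CRLF), get (replies, envelopes)."""
    replies, envelopes = [], []
    env, data, in_data = None, [], False
    for line in client_lines:
        if in_data:  # collecting the message body until a lone "."
            if line == ".":  # end of message: store the captured envelope
                env["data"] = "\r\n".join(data).encode()
                envelopes.append(env); replies.append("250 OK: queued")
                env, data, in_data = None, [], False
            else:  # undo RFC 5321 dot-stuffing
                data.append(line[1:] if line.startswith("..") else line)
            continue
        verb = line.split(" ", 1)[0].upper()
        if verb in ("EHLO", "HELO"):
            replies.append("250 fake-smtp")
        elif verb == "STARTTLS":  # refuse TLS so the payload stays readable (step 1 disabled SSL on the client)
            replies.append("454 TLS not available")
        elif verb == "MAIL":
            env = {"from": line.split(":", 1)[1].strip(), "to": []}
            replies.append("250 OK")
        elif verb == "RCPT" and env is not None:
            env["to"].append(line.split(":", 1)[1].strip())
            replies.append("250 OK")
        elif verb == "DATA" and env is not None:
            in_data = True
            replies.append("354 End data with <CR><LF>.<CR><LF>")
        elif verb == "QUIT":
            replies.append("221 Bye")
        else:
            replies.append("503 Bad sequence of commands")
    return replies, envelopes

def summarize(envelope):
    """Envelope plus subject and (filename, size) of each attachment, e.g. the browser-data .zip."""
    msg = BytesParser(policy=policy.default).parsebytes(envelope["data"])
    atts = [(p.get_filename(), len(p.get_payload(decode=True))) for p in msg.iter_attachments()]
    return {"from": envelope["from"], "to": envelope["to"], "subject": str(msg["Subject"]), "attachments": atts}

def build_sample_session():
    """Constructed client transcript; addresses and zip bytes are placeholders, not real indicators."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sample@example.invalid", "drop@example.invalid", "constructed report"
    m.set_content("constructed keylog text")
    m.add_attachment(b"PK\x03\x04constructed", maintype="application", subtype="zip", filename="browsers.zip")
    body = [("." + l if l.startswith(".") else l) for l in m.as_bytes().decode().split("\n")]
    return ["EHLO sample-host", "MAIL FROM:<sample@example.invalid>", "RCPT TO:<drop@example.invalid>", "DATA", *body, ".", "QUIT"]
```

Wrapping `smtp_sink` in a socket accept loop on port 25 or 587 of the lab host gives the same view smtp4dev provides in the write-up.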
#strt #agenttesla #smtpdev #splunk #malware #int3 #reverseengineering #blueteam #cybersecurity #incidentresponse