a guest
Sep 24th, 2018
#AgentTesla #opendir