Bank_Security

West African Financial Institutions Hit by Wave of Attacks

Jan 17th, 2019
The first attack type

Files
Description
Trojan.Nancrat (Nanocore)
Trojan.Nancrat (Nanocore)
Trojan.Nancrat (Nanocore)
Trojan.Nancrat (Nanocore)
JavaScript downloader
JavaScript downloader
JavaScript downloader
Trojan.Nancrat (Nanocore)

Infrastructure

Domain
nemesis225.ddns.net

The second attack type

Files
Description
Silently installs UltraVNC as a backdoor
Trojan.Agentemis (Cobalt Strike)
Trojan.Agentemis (Cobalt Strike)
Shellcode downloader
Remote access tool
Remote access tool
Trojan.Agentemis (Cobalt Strike)

Infrastructure

Domain
moneygram.servehttp.com

The third attack type

Files
MD5 SHA256 Description
97034d8a97b967b2f18a867b411552f7 6bfc1ec16f3bd497613f57a278188ff7529e94eb48dcabf81587f7c275b3e86d Mimikatz
332a5371389a8953a96bf09b69edcb6e e46ba4bdd4168a399ee5bc2161a8c918095fa30eb20ac88cac6ab1d6dbea2b4a Mimikatz
8184f24a4f4ff4438dba050b2e3d1af7 c1993735265f4274b81a6edf789e0245f2f7f5ee78f4172101728a324cdd3d2d Backdoor.Gussdoor (Remote Manipulator System)

The fourth attack type

Files
MD5 SHA256 Description
49ae7d13f43bb04ed31d593787d4e17e 06fe2b7ff6af10cd0ec8395490567f8a0f66d8e083a72f57f18e9ad74dfff727 Infostealer.Hawket (Imminent Monitor)
75e5594c6882704ea2889e3fd758cbbf 6eb3281f5a80223a5b58af20d415453a9013a487c89d89cd7658bb7451902548 Infostealer.Hawket (Imminent Monitor)