Bank_Security

Malware Campaigns Targeting African Banking Sector

Apr 14th, 2022
INDICATORS OF COMPROMISE
HTML file:
9af5400545853d895f82b0259a7dafd0a9c1465c374b0925cc83f14dd29b29c5

ISO file:
7079ff76eb4b9d891fd04159008c477f6c7b10357b5bba52907c2eb0645887aa

VBS script:
43aaa7f39e9bb4039f70daf61d84b4cde2b3273112f9d022242f841a4829da03

PowerShell script:
0407eab084e910bdd6368f73b75ba2e951e3b545d0c9477e6971ffe6a52a273a

Encrypted GuLoader shellcode:
d681b39362fae43843b1c6058c0aa8199673052507e5c500b7361c935037e05e

RemcosRAT Payload URLs:
hxxps://onedrive.live[.]com/download?cid=50D26408C26A8B34&resid=50D26408C26A8B34%21114&authkey=AGW61DvT-RT_FRU
hxxps://www.dropbox[.]com/s/veqimnoofpaqmx1/rmss_umUIGF84.bin?dl=1

Encrypted RemcosRAT payload:
5d45422cf2c38af734cee5a5c9fa2fef005f9409d5d5b74814aea1a5f246835d

TYPOSQUATTED DOMAINS
The following domains were typosquatted by the threat actor to impersonate a credible and legitimate organization and do not represent a vulnerability affecting the organization.

Typosquatted domain 1 afbd-bad[.]org
Typosquatted domain 2 afdb-bad[.]org
Typosquatted domain 3 afdb-za[.]org