- #AgentTesla #RAT #AutoIT
- ---------------------------------
- 30-01-2019 IOCs
- ---------------------------------
- Main object- "bbd7a491a5de8eb1e0a9ff448dab91e1c042449ac29890ebb90ed21cd969ea28.bin.gz"
- sha256 c0bcd244f20a29f11ff03a8faa8b8d79e79c6b8f56fee400a824f0bb335d021c
- sha1 31cae65cd2e24244adb015db49d55b0ec92d0a09
- md5 5da4a17d6760acc711410a93306781e0
- Dropped executable file
- sha256 C:\Users\admin\AppData\Local\Temp\window.exe c34548ad7bb07b8424d5740f1858d64ba8b90ccfd8070978dd07054bb83d46e3
- sha256 C:\Users\admin\AppData\Local\Temp\72358207\qpf.exe 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
- DNS requests
- domain mikrotik.com.pe
- domain checkip.amazonaws.com
- domain smtp.zoho.com
- Connections
- ip 192.95.56.38
- ip 52.202.139.131
- ip 204.141.33.201
- HTTP/HTTPS requests
- url http://mikrotik.com.pe/gestion/inc/fpdf/p/AS23wq9.exe
- url http://checkip.amazonaws.com/