In the latter half of 2023, CERT.BY together with LLC “Reliable Programs” detected five waves of phishing that delivered the “Agent Tesla” malware. The attacks were carried out through email distribution in the Belarusian segment of the Internet. In total, the hackers sent more than 9 thousand spam messages.
The phishing campaign targeted individual users as well as Belarusian government and private organizations. The attacks largely affected industrial enterprises (39%), major retailers (18%) and local government bodies (11%).
The “Agent Tesla” malicious software is designed to steal confidential information and send it to the attackers. The malware primarily intercepts account credentials stored in various programs: browsers, mail clients, FTP/SCP clients, databases, remote administration clients, VPN applications and messengers. Moreover, “Agent Tesla” has spyware functions: it can log keystrokes, take screenshots, perform DDoS attacks, etc. According to the Mitre Corporation, a United States-based non-profit organization, the malware is disseminated by a Nigerian hacker group called “SilverTerrier”.
The IP addresses used to send spam from the compromised email accounts were identified. The address pool belongs to the Federal Republic of Nigeria.
However, it should be noted that the hackers are not always the ultimate beneficiaries. As a rule, they either sell the stolen information or use their network of infected computers as a botnet.
To help prevent your PCs and systems from being infected, we are publishing the main indicators of compromise (IoCs) of the phishing campaign and the malware.
Based on the recorded attacks, the hackers use the following email subjects:
- Re: Fw:52896HMD2207128.pdf
- Fw: Re: 94732-PWX-4829401.pdf
- Сентябрьский новый заказ и технические характеристики (“September new order and technical specifications”)
and similar.
The text of the phishing messages shows some translation difficulties:
- «Please refer to Section 2.3 in the modified contract. We can go to the bank if everything is in order on your side».
- «Please familiarize yourself with the new order and technical specifications for September».
Technical description of detected malware:
Registry:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Keys:
- boqXv
- LGJKTZa
- Micosoft Excel 2023
- Puaraxso
- qXYojnj
- SzvWIzD
Scheduled Task:
Network indicators:
DNS:
IP:
Task name:
File Name:
Hash: md5,sha1,sha256,ssdeep
Based on the above, CERT.BY recommends the following:
- Beware of any email that urges you to open attachments or click on links.
- Pay attention to emails from individuals or organizations that you do not usually receive emails from.
- Be cautious about emails from organizations with which you regularly interact.
We also recommend checking information systems and PCs for these indicators. We also advise you to follow our recommendations and stay tuned for updates.
If you detect any signs of compromise, please report them to support@cert.by.
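One way to run the recommended host check for the registry indicator, as an added PowerShell example (not CERT.BY's own tooling). It assumes the entries under "Keys:" are value names inside the listed Run key and that "Micosoft Excel 2023" is a single name; the function names Find-RunKeyIoc and Resolve-SidName are hypothetical.

```powershell
# Added example: look for the advisory's Run-key value names in every loaded user hive.
# Names are copied from the "Keys:" list (spelling as published); treating
# "Micosoft Excel 2023" as one value name is an assumption.
$IocRunValueNames = @(
    'boqXv', 'LGJKTZa', 'Micosoft Excel 2023', 'Puaraxso', 'qXYojnj', 'SzvWIzD'
)
$RunSubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Resolve-SidName {
    param([string] $Sid)
    try {
        $sidObj = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $null   # orphaned profile or domain controller not reachable
    }
}

function Find-RunKeyIoc {
    [CmdletBinding()]
    param(
        [string[]] $ValueNames = $IocRunValueNames
    )

    # HKEY_CURRENT_USER only reflects the account running this script, so an
    # administrator sweeping a machine has to walk the hives under HKEY_USERS.
    # Profiles of users who are not logged on are not loaded and are not covered.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-[\d-]+$' }

    foreach ($hive in $hives) {
        $sid  = $hive.PSChildName
        $path = "Registry::HKEY_USERS\$sid\$RunSubKey"
        $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }

        foreach ($name in $key.GetValueNames()) {
            # -contains compares strings case-insensitively, like the registry does.
            if ($ValueNames -contains $name) {
                [pscustomobject]@{
                    User      = Resolve-SidName -Sid $sid
                    Sid       = $sid
                    ValueName = $name
                    # Keep the raw command line so the analyst sees exactly what
                    # would start at logon (environment variables left unexpanded).
                    Command   = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                }
            }
        }
    }
}

# Run from an elevated prompt; no output means no listed value name was found.
Find-RunKeyIoc | Format-Table -AutoSize
```

A hit is a lead, not a verdict: preserve the file named in `Command` and compare its hash with the published hash indicators before removing anything.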