Credits: Research by ExecuteMalware
Indicators of compromise
THREAT IDENTIFICATION: AGENT TESLA
SUBJECTS OBSERVED
FW: RE: confirm bank account
SENDERS OBSERVED
withanya@teikuro [.]co [.]th
MALDOC FILE HASHES (MD5)
CONFIRM YOUR ACCOUNT_PDF [.]UU (uuencoded attachment; same base name as the payload executable below)
f81c3488a4d9e51fbf68ea591b35719a
AGENT TESLA PAYLOAD FILE HASHES (MD5)
CONFIRM YOUR ACCOUNT_PDF [.]exe
74173b957e2e703074eef531996348c4
AGENT TESLA ESMTP DESTINATION (exfiltration over SMTP submission, TCP/587; not an HTTPS endpoint)
mail [.]jumatsedekah [.]com
101 [.]50 [.]1 [.]12:587
ADDITIONAL URL
http://bornforthis [.]ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish–goal-6B711D1EC6B765989791BAB1375373A5 [.]html
SUPPORTING EVIDENCE
https://www [.]virustotal [.]com/gui/file/8b2e93f410996ef2b5eac9cc2d686657cb401081ba41f9df156930e16da7723a/detection
https://app [.]any [.]run/tasks/e8ee160d-9097-4202-a2e2-173eb5d2305e/
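The listing above gives defanged indicators, MD5 hashes for both the uuencoded maldoc and the decoded executable, and an SMTP exfiltration endpoint. The following Python is an added example (not part of the original research or of any ExecuteMalware tooling) that shows how a responder would operationalise these IOCs: refang the indicators, decode a .uu attachment and hash both the container and the decoded file, and sweep mail, DNS and firewall log lines for the sender, subject, host and IP:port. The uuencoded attachment, its embedded file name, and the log lines are constructed here for the demonstration, so the computed hashes will not match the real ones; helper names such as refang, uudecode, check_attachment and match_logs are my own.

```python
import binascii
import hashlib
import re

# Defanged indicators copied from the listing above.
IOCS = {
    "sender": "withanya@teikuro [.]co [.]th",
    "subject": "FW: RE: confirm bank account",
    "maldoc_md5": "f81c3488a4d9e51fbf68ea591b35719a",   # MD5 of the .uu file
    "payload_md5": "74173b957e2e703074eef531996348c4",  # MD5 of the decoded .exe
    "smtp_host": "mail [.]jumatsedekah [.]com",
    "smtp_ip": "101 [.]50 [.]1 [.]12",
    "smtp_port": 587,
}
KNOWN_MD5 = {IOCS["maldoc_md5"]: "maldoc (.uu)", IOCS["payload_md5"]: "Agent Tesla payload (.exe)"}


def refang(indicator: str) -> str:
    """Undo common defanging (' [.]', '[.]', '[@]', 'hxxp') so the value matches raw logs."""
    s = re.sub(r"\s*\[\.\]\s*", ".", indicator)
    s = re.sub(r"\s*\[@\]\s*", "@", s)
    return re.sub(r"^hxxp(s?)://", r"http\1://", s, flags=re.IGNORECASE)


def uuencode(name: str, data: bytes) -> str:
    """Build a uuencoded text blob (used only to construct the sample attachment below)."""
    lines = [f"begin 644 {name}"]
    for i in range(0, len(data), 45):            # uuencode carries at most 45 bytes per line
        lines.append(binascii.b2a_uu(data[i:i + 45]).decode("ascii").rstrip("\n"))
    lines += ["`", "end"]
    return "\n".join(lines) + "\n"


def uudecode(text: str) -> tuple[str, bytes]:
    """Parse a 'begin <mode> <name>' ... 'end' block and return (embedded name, decoded bytes)."""
    name, out, in_body = None, bytearray(), False
    for line in text.splitlines():
        if not in_body:
            m = re.match(r"begin\s+\d+\s+(.+)$", line)
            if m:
                name, in_body = m.group(1), True
            continue
        if line.strip() == "end":
            break
        if line == "" or line == "`":             # a2b_uu("") would yield 32 NUL bytes; skip
            continue
        out += binascii.a2b_uu(line)
    if name is None:
        raise ValueError("no uuencode 'begin' header found")
    return name, bytes(out)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# Constructed stand-in for the attachment: a fake MZ header, NOT the real sample.
FAKE_PAYLOAD = b"MZ" + b"\x90" * 30 + b"constructed placeholder bytes, not the real Agent Tesla binary"
SAMPLE_UU = uuencode("CONFIRM YOUR ACCOUNT_PDF.exe", FAKE_PAYLOAD)


def check_attachment(uu_text: str) -> dict:
    """Hash the .uu container and its decoded content and look both up in the known-bad set."""
    name, data = uudecode(uu_text)
    file_md5, decoded_md5 = md5_hex(uu_text.encode("ascii")), md5_hex(data)
    return {
        "decoded_name": name,
        "decoded_size": len(data),
        "file_md5": file_md5,
        "decoded_md5": decoded_md5,
        "known": KNOWN_MD5.get(file_md5) or KNOWN_MD5.get(decoded_md5),
    }


# Constructed log lines (mail gateway, firewall, DNS) for the sweep; timestamps are invented.
SAMPLE_LOGS = [
    '2023-01-01T10:00:00Z mail-gw from=withanya@teikuro.co.th subject="FW: RE: confirm bank account" attachment="CONFIRM YOUR ACCOUNT_PDF.uu"',
    "2023-01-01T10:05:12Z fw src=10.0.0.23 dst=101.50.1.12 dport=587 proto=tcp action=allow",
    "2023-01-01T10:05:12Z dns query=mail.jumatsedekah.com answer=101.50.1.12",
    "2023-01-01T10:06:00Z fw src=10.0.0.24 dst=198.51.100.10 dport=443 proto=tcp action=allow",
]


def match_logs(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Return (line number, [matched indicator names]) for every line touching an IOC."""
    sender, host, ip = refang(IOCS["sender"]), refang(IOCS["smtp_host"]), refang(IOCS["smtp_ip"])
    port = str(IOCS["smtp_port"])
    hits = []
    for n, line in enumerate(lines, 1):
        reasons = []
        if sender in line:
            reasons.append("sender")
        if IOCS["subject"] in line:
            reasons.append("subject")
        if host in line:
            reasons.append("smtp-host")
        if re.search(rf"\b{re.escape(ip)}\b", line):
            reasons.append("smtp-ip")
            if re.search(rf"\bdport={port}\b", line):   # exfil on the submission port
                reasons.append("tcp/587")
        if reasons:
            hits.append((n, reasons))
    return hits


if __name__ == "__main__":
    print(check_attachment(SAMPLE_UU))
    for n, reasons in match_logs(SAMPLE_LOGS):
        print(f"line {n}: {', '.join(reasons)}")
```

Hash the .uu file as received as well as the decoded bytes: the listing carries one MD5 for each, and a gateway that only hashes decoded attachments would miss the first. The firewall match on 101.50.1.12 is reported separately from the port match so that a connection to the same host on another port still surfaces for review.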