malware_traffic

Trickbot EXE from .png URLs - Thursday 2019-11-28

Nov 28th, 2019
TRICKBOT EXE FROM .PNG URLS - THURSDAY 2019-11-28

- hxxp://185.172.129[.]196/img/ferr1.png
- hxxp://185.172.129[.]196/images/mount3.png

SHA256 HASHES:

- ebecb12f5f465d369128da60545e0a60e2fab909519f552461062caa77f5960b ferr1.png
- 0a513e828f343bfa6be0a2ef7af2f96a28a1eae4154701dc0bf403f618c747f3 mount3.png

NOTES:

- The above URLs have been submitted to urlhaus.abuse.ch
- The above files have been submitted to VirusTotal and sandboxes at app.any.run, cape.contextis.com, and hybrid-analysis.com
- ferr1.png is retrieved by Trickbot's mwormDll module on a host already infected with Trickbot.
- mount3.png is retrieved by Trickbot's mshareDll module on a host already infected with Trickbot.