SHARE
TWEET

Trickbot EXE from .png URLs - Thursday 2019-11-28

malware_traffic Nov 28th, 2019 (edited) 1,265 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. TRICKBOT EXE FROM .PNG URLS - THURSDAY 2019-11-28
  2.  
  3. - hxxp://185.172.129[.]196/img/ferr1.png
  4. - hxxp://185.172.129[.]196/images/mount3.png
  5.  
  6. SHA256 HASHES:
  7.  
  8. - ebecb12f5f465d369128da60545e0a60e2fab909519f552461062caa77f5960b  ferr1.png
  9. - 0a513e828f343bfa6be0a2ef7af2f96a28a1eae4154701dc0bf403f618c747f3  mount3.png
  10.  
  11. NOTES:
  12.  
  13. - The above URLS have been submitted to urlhaus.abuse.ch
  14. - The above files have been submitted to VirusTotal and sandboxes at app.any.run, cape.contextis.com, and hybrid-analysis.com
  15. - ferr1.png is retrieved by Trickbot's mwormDll module on a host already infected with Trickbot.
  16. - mount3.png is retrieved by Trickbot's mshareDll module on a host already infected with Trickbot.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top