Trickbot EXE from .png URLs - Thursday 2019-11-28
- TRICKBOT EXE FROM .PNG URLS - THURSDAY 2019-11-28
- - hxxp://185.172.129[.]196/img/ferr1.png
- - hxxp://185.172.129[.]196/images/mount3.png
- SHA256 HASHES:
- - ebecb12f5f465d369128da60545e0a60e2fab909519f552461062caa77f5960b ferr1.png
- - 0a513e828f343bfa6be0a2ef7af2f96a28a1eae4154701dc0bf403f618c747f3 mount3.png
- - The above URLs have been submitted to urlhaus.abuse.ch
- - The above files have been submitted to VirusTotal and sandboxes at app.any.run, cape.contextis.com, and hybrid-analysis.com
- - ferr1.png is retrieved by Trickbot's mwormDll module on a host already infected with Trickbot.
- - mount3.png is retrieved by Trickbot's mshareDll module on a host already infected with Trickbot.