2019-04-16 - Trickbot malspam - gtag: sat43

malware_traffic, Apr 16th, 2019
2019-04-16 - TRICKBOT MALSPAM-BASED DISTRIBUTION: GTAG SAT43

- 2019-04-16 20:03 UTC -- Attachment name: System_Definition_and_Delivery_48374.doc -- Sender: asktim@sosportsinc.com -- Subject: Payslip for covered receipt ya3569089
- 2019-04-16 19:58 UTC -- Attachment name: System_Definition_and_Delivery_48008.doc -- Sender: transportesmelendez@prodigy.net.mx -- Subject: Check for compensated invoice ap7355402
- 2019-04-16 19:52 UTC -- Attachment name: System_Definition_and_Delivery_48008.doc -- Sender: transportesmelendez@prodigy.net.mx -- Subject: Paycheck for settled receipt on2322266
- 2019-04-16 19:51 UTC -- Attachment name: System_Definition_and_Delivery_48023.doc -- Sender: rverstraete@paradiseautos.com -- Subject: Check for settled receipt ks5472108
- 2019-04-16 19:45 UTC -- Attachment name: System_Definition_and_Delivery_48360.doc -- Sender: sbrown@smblawpc.com -- Subject: Payslip for settled statement mx8168462
- 2019-04-16 19:45 UTC -- Attachment name: System_Definition_and_Delivery_48360.doc -- Sender: sbrown@smblawpc.com -- Subject: Payslip for paid statement si6676019
- 2019-04-16 19:45 UTC -- Attachment name: System_Definition_and_Delivery_48360.doc -- Sender: sbrown@smblawpc.com -- Subject: Bank check for covered receipt rq4578304
- 2019-04-16 19:39 UTC -- Attachment name: System_Definition_and_Delivery_48128.doc -- Sender: patrickc@qair.net -- Subject: Paycheck for covered invoice ih3350367
- 2019-04-16 19:39 UTC -- Attachment name: System_Definition_and_Delivery_48128.doc -- Sender: postmaster@ros.com -- Subject: Undeliverable: Paycheck for paid statement ic4438047
- 2019-04-16 19:39 UTC -- Attachment name: System_Definition_and_Delivery_48128.doc -- Sender: patrickc@qair.net -- Subject: Paycheck for paid statement ic4438047
- 2019-04-16 19:38 UTC -- Attachment name: System_Definition_and_Delivery_48128.doc -- Sender: patrickc@qair.net -- Subject: Payslip for paid statement al8931767
- 2019-04-16 19:38 UTC -- Attachment name: System_Definition_and_Delivery_48128.doc -- Sender: patrickc@qair.net -- Subject: Bank check for settled invoice ah2872276
- 2019-04-16 18:50 UTC -- Attachment name: Customer_Order_Details_374201.doc -- Sender: rector@trinitynewport.org -- Subject: Paycheck for compensated invoice oc8213384
- 2019-04-16 18:46 UTC -- Attachment name: Customer_Order_Details_374093.doc -- Sender: JSaulsbury@skagitfire6.com -- Subject: Bank check for covered receipt ne4364440
- 2019-04-16 18:43 UTC -- Attachment name: Customer_Order_Details_374342.doc -- Sender: bhostetler@parkwayfc.com -- Subject: Check for paid statement rv9727957
- 2019-04-16 18:43 UTC -- Attachment name: Customer_Order_Details_374342.doc -- Sender: bhostetler@parkwayfc.com -- Subject: Payslip for covered receipt bj1002062
- 2019-04-16 18:43 UTC -- Attachment name: Customer_Order_Details_374342.doc -- Sender: bhostetler@parkwayfc.com -- Subject: Paycheck for settled invoice gl4652531
- 2019-04-16 18:43 UTC -- Attachment name: Customer_Order_Details_374342.doc -- Sender: bhostetler@parkwayfc.com -- Subject: Payslip for covered statement mu4055133
- 2019-04-16 18:42 UTC -- Attachment name: Customer_Order_Details_374342.doc -- Sender: bhostetler@parkwayfc.com -- Subject: Bank check for compensated receipt zq1391488

SHA256 FILE HASHES FOR THE ATTACHED WORD DOCUMENTS:


EXAMPLE OF WORD DOC WITH MACROS FOR TRICKBOT:

- VirusTotal: https://www.virustotal.com/#/file/814345687c2ee829d7c91eb5ee890c2036ded611d013925db29043c55e44126c/detection
- Any.Run analysis: https://app.any.run/tasks/7f350bf7-feeb-432b-98fe-9c76c1741da6
- CAPE Sandbox: https://cape.contextis.com/analysis/67333/
- Reverse.it: https://www.reverse.it/sample/814345687c2ee829d7c91eb5ee890c2036ded611d013925db29043c55e44126c

TRICKBOT EXE (GTAG SAT43):

- Downloaded by Word macro: hxxp://64.44.133[.]134/los.gpg
- Sample at: https://www.virustotal.com/#/file/e40d58a2a10f1193eca3dd40d424c8f7b6857c7a8b129cf57e8c4e281e4e5626/detection