2018-11-13 - Malspam pushing Trickbot in US (gtag: sat101)

Nov 13th, 2018
MALSPAM PUSHING TRICKBOT IN THE US ON TUESDAY 2018-11-13
GTAG: SAT101

2018-11-13 14:24 UTC - Attachment: Invoice_010207.doc - Subject: Payment invoice for 199.92 USD
2018-11-13 14:24 UTC - Attachment: Invoice_010211.doc - Subject: Invoice for 162.52 US Dollars
2018-11-13 14:24 UTC - Attachment: Invoice_010211.doc - Subject: Receipt for 721.70 US Dollars
2018-11-13 14:25 UTC - Attachment: Invoice_010211.doc - Subject: Receipt for 656.48 US Dollars
2018-11-13 14:27 UTC - Attachment: Invoice_010211.doc - Subject: Payment check for 219.20 USD
2018-11-13 14:31 UTC - Attachment: Invoice_010208.doc - Subject: Receipt for 298.54 US Dollars
2018-11-13 14:32 UTC - Attachment: Invoice_010208.doc - Subject: Payment check for 887.41 USD
2018-11-13 14:33 UTC - Attachment: Invoice_010216.doc - Subject: Payment invoice for 697.62 US Dollars
2018-11-13 14:46 UTC - Attachment: Invoice_010206.doc - Subject: Invoice for 953.59 US Dollars
2018-11-13 14:46 UTC - Attachment: Invoice_010206.doc - Subject: Payment check for 382.56 US Dollars
2018-11-13 14:46 UTC - Attachment: Invoice_010206.doc - Subject: Payment check for 382.56 US Dollars
2018-11-13 14:46 UTC - Attachment: Invoice_010206.doc - Subject: Payment invoice for 933.73 USD
2018-11-13 14:47 UTC - Attachment: Invoice_010206.doc - Subject: Invoice for 302.45 US Dollars
2018-11-13 15:22 UTC - Attachment: Invoice_010217.doc - Subject: Payment invoice for 501.24 USD
2018-11-13 15:22 UTC - Attachment: Invoice_010217.doc - Subject: Receipt for 602.96 USD
2018-11-13 16:31 UTC - Attachment: receipt_13003.doc - Subject: Payment check for 915.29 USD
2018-11-13 16:31 UTC - Attachment: receipt_13003.doc - Subject: Payment invoice for 948.30 USD
2018-11-13 16:34 UTC - Attachment: receipt_13016.doc - Subject: Invoice for 395.99 USD
2018-11-13 16:36 UTC - Attachment: receipt_13004.doc - Subject: Payment invoice for 888.59 USD
2018-11-13 16:36 UTC - Attachment: receipt_13013.doc - Subject: Receipt for 514.37 US Dollars

SHA256 HASHES OF THE WORD DOCUMENTS:

URLS GENERATED BY WORD MACROS TO RETRIEVE TRICKBOT:

hxxp://46.173.218[.]26/flyingarm.bar
hxxp://46.173.218[.]43/flyingarm.bar

SHA256 HASH OF THE TRICKBOT BINARY:

f5f7347a7d71a5f70a94c16935236614e09a2c0bc6b5eb76c01f073b52f7ea9d - 581,120 bytes