Trickbot EXE files from ".png" URLs on Wednesday 2020-03-04

malware_traffic Mar 4th, 2020 751 Never
TRICKBOT EXE FILES FROM .PNG URLs ON WEDNESDAY 2020-03-04

URLS:

- hxxp://198.23.130[.]69/images/cursor.png
- hxxp://198.23.130[.]69/images/imgpaper.png
- hxxp://198.23.130[.]69/images/redcar.png

NOTES:

- The HTTP request for cursor.png is caused by Trickbot's mshareDll module.
- The HTTP request for imgpaper.png is caused by Trickbot's tabDll module.
- The HTTP request for redcar.png is caused by Trickbot's mwormDll module.
- All of these URLs returned a Windows executable file (EXE).
- Each of these Trickbot EXEs has a different gtag.
- These URLs may return files with different hashes every time they are retrieved.

FILE INFO:

- SHA256 hash: e39468abf20701e4e146010eba9c2be958bb9a053cc7dfa661f627da656b0fb8
- File size: 655,360 bytes
- File location: hxxp://198.23.130[.]69/images/cursor.png
- File description: Windows executable file for Trickbot, gtag tot689
- Analysis:
 -- https://urlhaus.abuse.ch/url/321304/
 -- https://app.any.run/tasks/a1a37486-a2d2-4c6d-bc23-351b44cb169a
 -- https://capesandbox.com/analysis/13645/
 -- https://www.hybrid-analysis.com/sample/e39468abf20701e4e146010eba9c2be958bb9a053cc7dfa661f627da656b0fb8

- SHA256 hash: 5bfb2703f7370af12d9e85269103ede103f69c70a0b86c988e9e71592e9d2aa3
- File size: 655,360 bytes
- File location: hxxp://198.23.130[.]69/images/imgpaper.png
- File description: Windows executable file for Trickbot, gtag lib689
- Analysis:
 -- https://urlhaus.abuse.ch/url/321606/
 -- https://app.any.run/tasks/f54c10e8-8fde-486f-8c2a-0228c77f71b7
 -- https://capesandbox.com/analysis/13646/
 -- https://www.hybrid-analysis.com/sample/5bfb2703f7370af12d9e85269103ede103f69c70a0b86c988e9e71592e9d2aa3

- SHA256 hash: d632ed81ed111cfe68ddd71f51fe9d6d49c7035f2f275344f44928f8bf7f0bea
- File size: 643,123 bytes
- File location: hxxp://198.23.130[.]69/images/redcar.png
- File description: Windows executable file for Trickbot, gtag jim689
- Analysis:
 -- https://urlhaus.abuse.ch/url/321607/
 -- https://app.any.run/tasks/589704eb-ca0f-49e4-ba7a-e262cce310bc
 -- https://capesandbox.com/analysis/13647/
 -- https://www.hybrid-analysis.com/sample/d632ed81ed111cfe68ddd71f51fe9d6d49c7035f2f275344f44928f8bf7f0bea
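
ADDED EXAMPLE (not part of the original paste): a detection check for the behaviour in the notes above, where a request path ending in .png returns a Windows EXE. The function names, the verdict strings and every sample record other than the /images/cursor.png path are assumptions made for illustration, and the response bodies are constructed stand-ins, not real samples.

```python
import posixpath
import struct

IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def is_pe(body: bytes) -> bool:
    """True when an MZ header's e_lfanew field points at a 'PE\\0\\0' signature."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    # An out-of-range e_lfanew yields an empty slice, so this stays False.
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify(uri_path: str, body: bytes) -> str:
    """Compare the extension in the request path with the body's leading bytes."""
    ext = posixpath.splitext(uri_path.split("?", 1)[0])[1].lower()
    if ext not in IMAGE_EXTS:
        return "not-image-url"
    if is_pe(body):
        return "pe-behind-image-url"
    if ext == ".png" and not body.startswith(PNG_MAGIC):
        return "png-url-bad-magic"
    return "ok"

def constructed_pe_stub() -> bytes:
    """Constructed 0x84-byte stand-in for the start of an EXE (not a real sample)."""
    header = bytearray(0x80)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x80)  # e_lfanew -> offset of PE signature
    return bytes(header) + b"PE\x00\x00"

# Constructed records: (request path, first bytes of the response body),
# as they might be taken from a proxy log or a reassembled PCAP stream.
SAMPLES = [
    ("/images/cursor.png", constructed_pe_stub()),
    ("/images/logo.png", PNG_MAGIC + b"\x00\x00\x00\rIHDR"),
    ("/images/banner.png", b"<html>not found</html>"),
    ("/downloads/setup.exe", constructed_pe_stub()),
]

def scan(samples):
    """Return (path, verdict) for each record."""
    return [(path, classify(path, body)) for path, body in samples]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLES):
        print(f"{verdict:22} {path}")
```

Because the notes say the hashes may change on every retrieval, a content-type mismatch check like this stays useful where hash matching does not.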