SHARE
TWEET

Trickbot EXE from .png URLs - Friday 2019-12-06

malware_traffic Dec 6th, 2019 (edited) 761 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. TRICKBOT EXE FROM .PNG URLS AS OF FRIDAY 2019-12-06
  2.  
  3. URLS:
  4.  
  5. - hxxp://107.172.208[.]25/images/flygame.png
  6. - hxxp://107.172.208[.]25/images/lastimg.png
  7. - hxxp://107.172.208[.]25/images/mini.png
  8.  
  9. NOTES:
  10.  
  11. - The http request for flygame.png is caused by Trickbot's mwormDll module.
  12. - The http request for lastimg.png is caused by Trickbot's tabDll module.
  13. - The http request for mini.png is caused by Trickbot's mshareDll module.
  14. - All of these URLs returned a Windows executable file (EXE).
  15. - Each of these Trickbot EXE has a different gtag.
  16. - I think these are different file hashes every time they are retrieved.
  17.  
  18. FILE INFO:
  19.  
  20. - SHA256 hash: 1c8ba04b3707188dde5c8757c3a0429c2800884f076595220bcaa4df78df4d12
  21. - File size: 483,328 bytes
  22. - File location: hxxp://107.172.208[.]25/images/flygame.png
  23. - File description: Windows executable file for Trickbot
  24. - Analysis:
  25.  -- https://urlhaus.abuse.ch/url/264580/
  26.  -- https://app.any.run/tasks/d33b4589-ce8d-45dd-be33-a2666f2c1962
  27.  -- https://cape.contextis.com/analysis/117022/
  28.  -- https://hybrid-analysis.com/sample/1c8ba04b3707188dde5c8757c3a0429c2800884f076595220bcaa4df78df4d12
  29.  
  30. - SHA256 hash: f0542bfb8ab680e87f618eacd723ee750dcc6413e1c5d43221417e90d747376e
  31. - File size: 483,328 bytes
  32. - File location: hxxp://107.172.208[.]25/images/lastimg.png
  33. - File description: Windows executable file for Trickbot
  34. - Analysis:
  35.  -- https://urlhaus.abuse.ch/url/264581/
  36.  -- https://app.any.run/tasks/a404c762-4bc6-4b68-9535-e5a44d57fd65
  37.  -- https://cape.contextis.com/analysis/117023/
  38.  -- https://hybrid-analysis.com/sample/f0542bfb8ab680e87f618eacd723ee750dcc6413e1c5d43221417e90d747376e
  39.  
  40. - SHA256 hash: 9f6aa474d89fa6a0c8e43c7aacea365559d7894c5aef66042837166b5d218b52
  41. - File size: 483,328 bytes
  42. - File location: hxxp://107.172.208[.]25/images/mini.png
  43. - File description: Windows executable file for Trickbot
  44. - Analysis:
  45.  -- https://urlhaus.abuse.ch/url/264582/
  46.  -- https://app.any.run/tasks/f0c1f91f-5d96-4533-9cf8-60fd4d277df6
  47.  -- https://cape.contextis.com/analysis/117024/
  48.  -- https://hybrid-analysis.com/sample/9f6aa474d89fa6a0c8e43c7aacea365559d7894c5aef66042837166b5d218b52
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top