SHARE
TWEET

Trickbot EXE from .png URLs as of Wed 2019-12-04

malware_traffic Dec 5th, 2019 665 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. TRICKBOT EXE FROM .PNG URLS AS OF WEDNESDAY 2019-12-04
  2.  
  3. URLS:
  4.  
  5. - hxxp://185.142.99[.]64/images/flygame.png
  6. - hxxp://185.142.99[.]64/images/lastimg.png
  7. - hxxp://185.142.99[.]64/images/mini.png
  8.  
  9. NOTES:
  10.  
  11. - The http request for flygame.png was caused by Trickbot's mwormDll module.
  12. - The http request for lastimg.png was caused by Trickbot's tabDll module.
  13. - The http request for mini.png was caused by Trickbot's mshareDll module.
  14. - All of these URLs returned a Windows executable file (EXE).
  15. - Each of these Trickbot EXE has a different gtag.
  16. - File info below is on samples I retrieved on Thursday 2019-12-05
  17.  
  18. FILE INFO:
  19.  
  20. - SHA256 hash: aee666c4f2bac8dc0212c5a15dbd9a0010c4c79d35328bec55c1274a984df5d1
  21. - File size: 672,768 bytes
  22. - File location: hxxp://185.142.99[.]64/images/flygame.png
  23. - File description: Windows executable file for Trickbot
  24. - Analysis:
  25.  -- https://urlhaus.abuse.ch/url/263786/
  26.  -- https://app.any.run/tasks/164a08c2-69d0-4e2b-bd3e-5f557d2c7138
  27.  -- https://cape.contextis.com/analysis/116800/
  28.  -- https://hybrid-analysis.com/sample/aee666c4f2bac8dc0212c5a15dbd9a0010c4c79d35328bec55c1274a984df5d1
  29.  
  30. - SHA256 hash: e029ef6235bdc0ac0987317f34eac96331bdf6d97a589665479e266edc09d01b
  31. - File size: 673,792 bytes
  32. - File location: hxxp://185.142.99[.]64/images/lastimg.png
  33. - File description: Windows executable file for Trickbot
  34. - Analysis:
  35.  -- https://urlhaus.abuse.ch/url/263787/
  36.  -- https://app.any.run/tasks/15679689-3178-4a7f-90f3-829555454147
  37.  -- https://cape.contextis.com/analysis/116801/
  38.  -- https://hybrid-analysis.com/sample/e029ef6235bdc0ac0987317f34eac96331bdf6d97a589665479e266edc09d01b
  39.  
  40. - SHA256 hash: b3c98e15591654ae03ba9e624e0fd44f76695c5dc73382384da3366b2616834b
  41. - File size: 673,792 bytes
  42. - File location: hxxp://185.142.99[.]64/images/mini.png
  43. - File description: Windows executable file for Trickbot
  44. - Analysis:
  45.  -- https://urlhaus.abuse.ch/url/263788/
  46.  -- https://app.any.run/tasks/dcaacaef-1e16-43ae-880d-fe3884dd938f
  47.  -- https://cape.contextis.com/analysis/116803/
  48.  -- https://hybrid-analysis.com/sample/b3c98e15591654ae03ba9e624e0fd44f76695c5dc73382384da3366b2616834b
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top