- Qakbot has been busy distributing tr01, and in the meantime, I've been uploading the xls/xlsb files that I've caught to MalwareBazaar. Also, it seems like the IP buffer in the unpacked binary is unchanged since yesterday (Oct 19 2020), so to avoid polluting IOC collection, it won't be included in today's paste.
- Malware Bazaar Tag: https://bazaar.abuse.ch/browse/tag/tr01
- Sandbox: https://app.any.run/tasks/32a2a38d-cd95-413c-a76e-e7da40a6853c
- URLs: