Trickbot EXE from .png URLs on Wednesday 2020-01-08

malware_traffic Jan 8th, 2020 764 Never
TRICKBOT EXE FROM .PNG URLS ON WEDNESDAY 2020-01-08

URLS:

- hxxp://172.245.186[.]147/images/flygame.png
- hxxp://172.245.186[.]147/images/lastimg.png
- hxxp://172.245.186[.]147/images/mini.png

- One of these URLs was submitted to VirusTotal as early as Tuesday 2020-01-07.
- The HTTP request for flygame.png is caused by Trickbot's mwormDll module.
- The HTTP request for lastimg.png is caused by Trickbot's tabDll module.
- The HTTP request for mini.png is caused by Trickbot's mshareDll module.
- All of these URLs returned a Windows executable file (EXE).
- Each of these Trickbot EXEs has a different gtag.
- These may return files with different hashes every time they are retrieved.

FILE INFO:

- SHA256 hash: 080b7a4d2d8c6b48840a8866ea8ad6c43053c21bbb33dd66ef6164e32aaf98ea
- File size: 622,592 bytes
- File location: hxxp://172.245.186[.]147/images/flygame.png
- File description: Windows executable file for Trickbot
- Analysis:
 -- https://urlhaus.abuse.ch/url/284219/
 -- https://app.any.run/tasks/f78cceeb-91c5-4a3a-992b-f44f4523ce4b
 -- https://capesandbox.com/analysis/10436/
 -- https://www.hybrid-analysis.com/sample/080b7a4d2d8c6b48840a8866ea8ad6c43053c21bbb33dd66ef6164e32aaf98ea

- SHA256 hash: e2cb921fd4ce9fa4b4679437034c58b6b7fc6b30dfaa6684ac69b1a66b350f88
- File size: 618,496 bytes
- File location: hxxp://172.245.186[.]147/images/lastimg.png
- File description: Windows executable file for Trickbot
- Analysis:
 -- https://urlhaus.abuse.ch/url/284220/
 -- https://app.any.run/tasks/7f7a48d8-53a0-4de1-b8d3-32fd38e3f0f4
 -- https://capesandbox.com/analysis/10437/
 -- https://www.hybrid-analysis.com/sample/e2cb921fd4ce9fa4b4679437034c58b6b7fc6b30dfaa6684ac69b1a66b350f88

- SHA256 hash: 778d3774014cee870b60bb10f446beff11362b88ef4d675b7ba72e09a909412e
- File size: 618,496 bytes
- File location: hxxp://172.245.186[.]147/images/mini.png
- File description: Windows executable file for Trickbot
- Analysis:
 -- https://urlhaus.abuse.ch/url/284221/
 -- https://app.any.run/tasks/285c1e18-4d6d-4118-a662-1b67ea2076dc
 -- https://capesandbox.com/analysis/10438/
 -- https://www.hybrid-analysis.com/sample/778d3774014cee870b60bb10f446beff11362b88ef4d675b7ba72e09a909412e
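
DETECTION EXAMPLE (added here, not part of the original paste): the notes above say the .png URLs returned Windows EXE files, so a proxy or PCAP post-processor can flag responses whose URL or Content-Type claims an image while the body parses as a PE file. The function names, the Content-Type input, and the sample hosts and bytes are assumptions constructed for illustration.

```python
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
IMAGE_EXTS = (".png", ".jpg", ".jpeg", ".gif", ".bmp")

def looks_like_pe(body: bytes) -> bool:
    """MZ header whose e_lfanew field (offset 0x3C) points at the 'PE\\0\\0' signature."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify(url: str, content_type: str, body: bytes) -> str:
    """Compare what the URL/Content-Type claim against what the body actually is."""
    path = url.split("?", 1)[0].lower()
    if not (path.endswith(IMAGE_EXTS) or content_type.lower().startswith("image/")):
        return "not-image"
    if looks_like_pe(body):
        return "pe-as-image"          # the case described in this paste
    if path.endswith(".png") and not body.startswith(PNG_MAGIC):
        return "png-magic-mismatch"   # e.g. truncated capture or other non-PNG data
    return "ok"

def flag(records):
    """Return (url, verdict) for every record that is an image by name but not by content."""
    out = []
    for url, ctype, body in records:
        verdict = classify(url, ctype, body)
        if verdict not in ("ok", "not-image"):
            out.append((url, verdict))
    return out

# Constructed sample data (not captured traffic): a minimal MZ/PE stub and a PNG header.
PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
SAMPLES = [
    ("http://198.51.100.7/images/a.png", "image/png", PE_STUB),
    ("http://198.51.100.7/images/b.png", "image/png", PNG_MAGIC + b"\x00" * 16),
    ("http://198.51.100.7/images/c.png", "image/png", b"MZ\x90\x00"),
    ("http://198.51.100.7/index.html", "text/html", b"<html></html>"),
]

if __name__ == "__main__":
    for url, verdict in flag(SAMPLES):
        print(verdict, url)
```

Because the paste notes that the hashes may change on every retrieval, a content-type mismatch check like this keeps working where hash matching alone would not.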