API tools faq
paste
Advertisement
malware_traffic

Trickbot EXE files from ".png" URLs on Friday 2020-04-10

malware_traffic
Apr 10th, 2020
8,245
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.25 KB | None | 0 0
raw download clone embed print report
  1. TRICKBOT EXE FILES FROM .PNG URLs ON FRIDAY 2020-04-10
  2.  
  3. URLS:
  4.  
  5. - hxxp://64.44.133[.]154/images/cursor.png
  6. - hxxp://64.44.133[.]154/images/imgpaper.png
  7. - hxxp://64.44.133[.]154/images/redcar.png
  8.  
  9. NOTES:
  10.  
  11. - At least one of these URLs was submitted to VirusTotal as early as Wednesday 2020-04-08.
  12. - The http request for cursor.png is caused by Trickbot's mshareDll module.
  13. - The http request for imgpaper.png is caused by Trickbot's tabDll module.
  14. - The http request for redcar.png is caused by Trickbot's mwormDll module.
  15. - All of these URLs returned a Windows executable file (EXE).
  16. - Each of these Trickbot EXE has a different gtag.
  17. - These URLs may return files with different hashes every time they are retrieved.
  18.  
  19. FILE INFO:
  20.  
  21. - SHA256 hash: 5dc263d7f0ecb3a74e3d60fde5937b82c6538872b107dc86aab3a7a17d257f12
  22. - File size: 637,440 bytes
  23. - File location: hxxp://64.44.133[.]154/images/cursor.png
  24. - File description: Windows executable file for Trickbot, gtag tot713
  25. - Analysis:
  26. -- https://urlhaus.abuse.ch/url/338121/
  27. -- https://app.any.run/tasks/97865e8b-8d76-4490-9c88-bedf110f74a5/
  28. -- https://capesandbox.com/analysis/893/
  29. -- https://www.hybrid-analysis.com/sample/5dc263d7f0ecb3a74e3d60fde5937b82c6538872b107dc86aab3a7a17d257f12
  30.  
  31. - SHA256 hash: 4b2ce158a065f0bf1dbb821266e4a656458623598166680934223f9346c91d11
  32. - File size: 637,440 bytes
  33. - File location: hxxp://64.44.133[.]154/images/imgpaper.png
  34. - File description: Windows executable file for Trickbot, gtag lib713
  35. - Analysis:
  36. -- https://urlhaus.abuse.ch/url/338122/
  37. -- https://app.any.run/tasks/1a3a29e-6c9d-42cc-bb22-f7cb31eff0f5/
  38. -- https://capesandbox.com/analysis/894/
  39. -- https://www.hybrid-analysis.com/sample/4b2ce158a065f0bf1dbb821266e4a656458623598166680934223f9346c91d11
  40.  
  41. - SHA256 hash: 2c04e6d8af5e083476086ce90d310f0ad8e13a30a9678392e912798f9a53c6fb
  42. - File size: 638,976 bytes
  43. - File location: hxxp://64.44.133[.]154/images/redcar.png
  44. - File description: Windows executable file for Trickbot, gtag jim713
  45. - Analysis:
  46. -- https://urlhaus.abuse.ch/url/338123/
  47. -- https://app.any.run/tasks/97ee36e5-ff5b-4e53-b6de-a1c9673e3f67/
  48. -- https://capesandbox.com/analysis/895/
  49. -- https://www.hybrid-analysis.com/sample/2c04e6d8af5e083476086ce90d310f0ad8e13a30a9678392e912798f9a53c6fb
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!