malware_traffic

2019-02-05 - Trickbot malspam - gtag: ser0205us

Feb 5th, 2019
EMAIL INFO:

- Sender (spoofed): penny.tam@scotiabanksec.com
- Sender (spoofed): penny.tam@scotiabank-ses.com
- Subject: ALERT – BB Wire: Extra Due Diligence* RE: Incoming Wire Name and Account Mismatch
- Attachment name: 190122S6909500.xlsm

MALWARE INFO:

- SHA256 hash: 0d2529ac1ce211978b2155d5337c208fd80553910eadcdbcda6d58dba1d7f3b4
- File size: 51,831 bytes
- File name: 190122S6909500.xlsm
- File description: Attached Excel spreadsheet with macro for Trickbot
- Any Run analysis: https://app.any.run/tasks/347e577a-f765-42de-9305-c991f4b3b8b8
- Reverse.it: https://www.reverse.it/sample/0d2529ac1ce211978b2155d5337c208fd80553910eadcdbcda6d58dba1d7f3b4

- SHA256 hash: 2db3d3a913bccc3a9f2e4a6529840bfe943b244974db19e7905a1368d9d155b7
- File size: 839,680 bytes
- File description: Trickbot malware binary (EXE file)
- File location: hxxps://banditbars[.]com/ad.mini
- File location: hxxps://stream-market.co[.]uk/ad.mini
- Any Run analysis: https://app.any.run/tasks/b639063f-e638-4144-a09c-12a5afb83170
- CAPE sandbox: https://cape.contextis.com/analysis/35176/
- Reverse.it: https://www.reverse.it/sample/2db3d3a913bccc3a9f2e4a6529840bfe943b244974db19e7905a1368d9d155b7
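The listing above uses the usual defanged notation (hxxps://, [.]) so that indicators cannot be clicked by accident. Before they can be matched against proxy logs or loaded into a blocklist they have to be parsed and refanged. The script below is an added example written for this page, not malware_traffic's own tooling: it parses the "- Key: value" layout of the listing into one record per SHA256 hash, validates the hash format, strips the thousands separators from the file sizes, refangs the download URLs, and returns the distinct hostnames for a log search. The embedded input is constructed from the values in the listing.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed inline input in the same layout as the paste above
# (values copied from the listing on this page).
SAMPLE = """\
MALWARE INFO:

- SHA256 hash: 0d2529ac1ce211978b2155d5337c208fd80553910eadcdbcda6d58dba1d7f3b4
- File size: 51,831 bytes
- File name: 190122S6909500.xlsm
- File description: Attached Excel spreadsheet with macro for Trickbot

- SHA256 hash: 2db3d3a913bccc3a9f2e4a6529840bfe943b244974db19e7905a1368d9d155b7
- File size: 839,680 bytes
- File description: Trickbot malware binary (EXE file)
- File location: hxxps://banditbars[.]com/ad.mini
- File location: hxxps://stream-market.co[.]uk/ad.mini
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def refang(value: str) -> str:
    """Undo the common defanging conventions (hxxp, [.], [:]) so the
    indicator is in the form that appears in proxy or DNS logs.
    The result is data to match on, not a link to open."""
    value = re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.IGNORECASE)
    return value.replace("[.]", ".").replace("[:]", ":")


@dataclass
class Sample:
    sha256: str
    size: int = 0
    name: str = ""
    description: str = ""
    urls: list = field(default_factory=list)


def parse_iocs(text: str) -> list:
    """Group '- Key: value' lines into one Sample per 'SHA256 hash' line.
    Keys that appear before any hash line are ignored."""
    samples = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("- ") or ":" not in line:
            continue
        key, _, value = line[2:].partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "sha256 hash":
            if not SHA256_RE.match(value):
                raise ValueError(f"malformed SHA256: {value!r}")
            current = Sample(sha256=value)
            samples.append(current)
        elif current is None:
            continue
        elif key == "file size":
            # "51,831 bytes" -> 51831
            current.size = int(value.split()[0].replace(",", ""))
        elif key == "file name":
            current.name = value
        elif key == "file description":
            current.description = value
        elif key == "file location":
            current.urls.append(refang(value))
    return samples


def hosts(samples: list) -> list:
    """Distinct hostnames across all download URLs, sorted, for a blocklist
    or a proxy-log search."""
    return sorted({urlparse(u).hostname for s in samples for u in s.urls})


if __name__ == "__main__":
    for s in parse_iocs(SAMPLE):
        print(s.sha256, s.size, s.name or s.description, s.urls)
    print(hosts(parse_iocs(SAMPLE)))
```

The parser is deliberately strict about the hash field: a line that claims to be a SHA256 but is not 64 lowercase hex characters raises instead of silently producing an indicator that will never match anything.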