
2019-02-05 - Trickbot malspam - gtag: ser0205us

malware_traffic Feb 5th, 2019 (edited) 1,248 Never
2019-02-05 - TRICKBOT MALSPAM - GTAG: SER0205US

EMAIL INFO:

- Sender (spoofed): penny.tam@scotiabanksec.com
- Sender (spoofed): penny.tam@scotiabank-ses.com
- Subject: ALERT – BB Wire: Extra Due Diligence* RE: Incoming Wire Name and Account Mismatch
- Attachment name: 190122S6909500.xlsm

MALWARE INFO:

- SHA256 hash: 0d2529ac1ce211978b2155d5337c208fd80553910eadcdbcda6d58dba1d7f3b4
- File size: 51,831 bytes
- File name: 190122S6909500.xlsm
- File description: Attached Excel spreadsheet with macro for Trickbot
- Any Run analysis: https://app.any.run/tasks/347e577a-f765-42de-9305-c991f4b3b8b8
- Reverse.it: https://www.reverse.it/sample/0d2529ac1ce211978b2155d5337c208fd80553910eadcdbcda6d58dba1d7f3b4

- SHA256 hash: 2db3d3a913bccc3a9f2e4a6529840bfe943b244974db19e7905a1368d9d155b7
- File size: 839,680 bytes
- File description: Trickbot malware binary (EXE file)
- File location: hxxps://banditbars[.]com/ad.mini
- File location: hxxps://stream-market.co[.]uk/ad.mini
- Any Run analysis: https://app.any.run/tasks/b639063f-e638-4144-a09c-12a5afb83170
- CAPE sandbox: https://cape.contextis.com/analysis/35176/
- Reverse.it: https://www.reverse.it/sample/2db3d3a913bccc3a9f2e4a6529840bfe943b244974db19e7905a1368d9d155b7