API tools faq
paste
Advertisement
pastehaste

2019-06-25 Trickbot

pastehaste
Jun 25th, 2019
167
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.85 KB | None | 0 0
raw download clone embed print report
  1. ATTACHMENT:
  2. (Information_Revealer_36300252.html)
  3. 2e9548b10f5c6c76417e63271025f1aa
  4. 498428706ac156f17dd06b94be660bff4e5cf5aba085d63d6582a57e5bb8a1de
  5.  
  6. -html contains encoded doc
  7.  
  8. (PurchaseOrder79584.docm)
  9. 5e8df695c4abd7b21fe185e264e7de07
  10. f33266fb7f2a7c056b50b23ba8fe2d7841b25e6aef1bc060f0fb2f404a261ba6
  11.  
  12. -doc runs obfuscated jscript (info.pdf)
  13. wscript.exe /e:JScript .\info.pdf
  14.  
  15. (info.pdf) - javascript
  16. c81baee547e3791c95496536be9e8327
  17. 1b37c8f545cad2b7584bfe46edc3d7d803cf6d80d08633a9a30b05de699c4e87
  18.  
  19. script creates .hbo, decodes with certutil
  20. %windir%\System32\certutil.exe -f -decode %TEMP%\251149.hbo %TEMP%\929464.exe
  21.  
  22. (929464.exe) signed payload
  23. df8a69f3f7fab1fcb33225dc29cfbc47
  24. 3f651b525ceaa941c143b2adc3244b3d4b9af299ad09beea345867258dfbf5e7
  25.  
  26. "EITHAN CONSULTING LTD"
  27. Serial Number 79 4C CA B4 3E 94 0D 1B 05 E0 5D A7 45 BE D0 FE
  28.  
  29. bot ID
  30. sat53
  31.  
  32. gtag
  33. 1000440
  34.  
  35. c2
  36. 103.117.232[.]198:449
  37. 103.207.169[.]78:449
  38. 138.59.233[.]5:449
  39. 146.196.122[.]152:449
  40. 146.196.122[.]167:449
  41. 164.132.216[.]36:443
  42. 164.132.216[.]50:443
  43. 168.232.42[.]14:449
  44. 170.84.78[.]186:449
  45. 177.103.240[.]149:449
  46. 177.12.82[.]27:449
  47. 177.183.194[.]194:449
  48. 177.52.79[.]29:449
  49. 180.250.197[.]188:449
  50. 181.112.145[.]222:449
  51. 181.115.168[.]69:449
  52. 181.129.140[.]140:449
  53. 181.129.49[.]98:449
  54. 181.129.93[.]226:449
  55. 181.196.61[.]110:449
  56. 185.86.151[.]96:443
  57. 186.138.152[.]228:449
  58. 186.183.199[.]114:449
  59. 186.42.186[.]202:449
  60. 186.42.226[.]46:449
  61. 187.110.100[.]122:449
  62. 187.58.56[.]26:449
  63. 187.65.49[.]88:449
  64. 189.80.134[.]122:449
  65. 190.13.160[.]19:449
  66. 190.152.4[.]210:449
  67. 190.154.203[.]218:449
  68. 191.37.181[.]152:449
  69. 200.35.56[.]81:449
  70. 36.89.85[.]103:449
  71. 37.18.30[.]80:443
  72. 37.230.116[.]248:443
  73. 37.230.117[.]170:443
  74. 45.230.200[.]140:449
  75. 5.188.168[.]36:443
  76. 51.75.58[.]171:443
  77. 51.75.58[.]175:443
  78. 79.137.119[.]212:443
  79. 85.204.116[.]192:443
  80. 85.204.116[.]194:443
  81. 94.103.94[.]120:443
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!