- TRICKBOT EXE FILES FROM .PNG URLs ON WEDNESDAY 2020-04-01
- URLS:
- - hxxp://23.95.238[.]106/images/cursor.png
- - hxxp://23.95.238[.]106/images/imgpaper.png
- - hxxp://23.95.238[.]106/images/redcar.png
- NOTES:
- - These URLs were first submitted to VirusTotal on Monday 2020-03-24 and were still active 8 days later as of Wednesday 2020-04-01.
- - The HTTP request for cursor.png is caused by Trickbot's mshareDll module.
- - The HTTP request for imgpaper.png is caused by Trickbot's tabDll module.
- - The HTTP request for redcar.png is caused by Trickbot's mwormDll module.
- - All of these URLs returned a Windows executable file (EXE).
- - Each of these Trickbot EXE files has a different gtag.
- - These URLs may return files with different hashes every time they are retrieved.
- FILE INFO:
- - SHA256 hash: a3f16a9e5863fc65768682d585a03c9d057dff428f24e116cacf2ef54636c82a
- - File size: 547,328 bytes
- - File location: hxxp://23.95.238[.]106/images/cursor.png
- - File description: Windows executable file for Trickbot, gtag tot709
- - Analysis:
- -- https://urlhaus.abuse.ch/url/333590/
- -- https://app.any.run/tasks/0dc3f516-a378-4632-aeb5-54f307b63c2e
- -- https://capesandbox.com/analysis/22/
- -- https://www.hybrid-analysis.com/sample/a3f16a9e5863fc65768682d585a03c9d057dff428f24e116cacf2ef54636c82a
- - SHA256 hash: bbb674213b05d7b69952172208cca0d5b9d97f0f8e848e22351c86b769333c20
- - File size: 547,328 bytes
- - File location: hxxp://23.95.238[.]106/images/imgpaper.png
- - File description: Windows executable file for Trickbot, gtag lib709
- - Analysis:
- -- https://urlhaus.abuse.ch/url/333589/
- -- https://app.any.run/tasks/156a70ba-4140-4b42-9297-7a0fce1696f2
- -- https://capesandbox.com/analysis/23/
- -- https://www.hybrid-analysis.com/sample/bbb674213b05d7b69952172208cca0d5b9d97f0f8e848e22351c86b769333c20
- - SHA256 hash: 144a3aabc4052782d66f8b436e60d4f5eee513c74af3493b74771419579e9c75
- - File size: 525,312 bytes
- - File location: hxxp://23.95.238[.]106/images/redcar.png
- - File description: Windows executable file for Trickbot, gtag jim709
- - Analysis:
- -- https://urlhaus.abuse.ch/url/333588/
- -- https://app.any.run/tasks/969ed189-7460-4ebf-b632-236404b061a6
- -- https://capesandbox.com/analysis/24/
- -- https://www.hybrid-analysis.com/sample/144a3aabc4052782d66f8b436e60d4f5eee513c74af3493b74771419579e9c75
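
A check for the behaviour noted above (a URL ending in .png that returns a Windows EXE), as an added example that is not part of the original paste: it compares the extension in the URL path with the MZ/PE and PNG magic bytes of the response body. The hosts, file bodies and verdict names are constructed for illustration.

```python
import struct
from urllib.parse import urlparse

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
IMAGE_EXTS = (".png", ".jpg", ".jpeg", ".gif", ".bmp")

def pe_state(body: bytes) -> str:
    """Return 'pe', 'truncated' (MZ seen, PE signature past the capture) or 'none'."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return "none"
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)  # offset of the PE header
    if e_lfanew + 4 > len(body):
        return "truncated"
    return "pe" if body[e_lfanew:e_lfanew + 4] == b"PE\0\0" else "none"

def classify(url: str, body: bytes) -> str:
    """Compare what the URL path claims with what the response body is."""
    path = urlparse(url).path.lower()
    if not path.endswith(IMAGE_EXTS):
        return "not-image-url"
    state = pe_state(body)
    if state == "pe":
        return "exe-as-image"
    if state == "truncated":
        return "mz-header-only"
    if path.endswith(".png") and not body.startswith(PNG_MAGIC):
        return "png-magic-mismatch"
    return "ok"

def scan(records):
    """Return (url, verdict) for every record that needs an analyst's attention."""
    hits = []
    for url, body in records:
        verdict = classify(url, body)
        if verdict not in ("ok", "not-image-url"):
            hits.append((url, verdict))
    return hits

# Constructed sample data: a minimal MZ/PE stub and documentation-range hosts.
PE_STUB = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80) + b"\0" * 0x40 + b"PE\0\0"
SAMPLES = [
    ("http://198.51.100.7/images/cursor.png", PE_STUB),         # full EXE body
    ("http://198.51.100.7/images/redcar.png", PE_STUB[:0x40]),  # capture cut at 64 bytes
    ("http://198.51.100.7/images/logo.png", PNG_MAGIC + b"\0\0\0\rIHDR"),
    ("http://198.51.100.7/images/gone.png", b"<html>404</html>"),
    ("http://198.51.100.7/tools/setup.exe", PE_STUB),
]

if __name__ == "__main__":
    for url, verdict in scan(SAMPLES):
        print(f"{verdict:20} {url}")
```

The "mz-header-only" verdict covers proxies or sensors that store only the first bytes of a response, where the PE signature lies beyond the captured data.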