API tools faq
paste
Advertisement
malware_traffic

Trickbot EXE files from ".png" URLs on Wednesday 2020-04-01

malware_traffic
Apr 1st, 2020
8,694
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.28 KB | None | 0 0
raw download clone embed print report
  1. TRICKBOT EXE FILES FROM .PNG URLs ON WENDESDAY 2020-04-01
  2.  
  3. URLS:
  4.  
  5. - hxxp://23.95.238[.]106/images/cursor.png
  6. - hxxp://23.95.238[.]106/images/imgpaper.png
  7. - hxxp://23.95.238[.]106/images/redcar.png
  8.  
  9. NOTES:
  10.  
  11. - These URLs were first submitted to VirusTotal on Monday 2020-03-24 and still active 8 days later as of Wednesday 2020-04-01.
  12. - The http request for cursor.png is caused by Trickbot's mshareDll module.
  13. - The http request for imgpaper.png is caused by Trickbot's tabDll module.
  14. - The http request for redcar.png is caused by Trickbot's mwormDll module.
  15. - All of these URLs returned a Windows executable file (EXE).
  16. - Each of these Trickbot EXE has a different gtag.
  17. - These URLs may return files with different hashes every time they are retrieved.
  18.  
  19. FILE INFO:
  20.  
  21. - SHA256 hash: a3f16a9e5863fc65768682d585a03c9d057dff428f24e116cacf2ef54636c82a
  22. - File size: 547,328 bytes
  23. - File location: hxxp://23.95.238[.]106/images/cursor.png
  24. - File description: Windows executable file for Trickbot, gtag tot709
  25. - Analysis:
  26. -- https://urlhaus.abuse.ch/url/333590/
  27. -- https://app.any.run/tasks/0dc3f516-a378-4632-aeb5-54f307b63c2e
  28. -- https://capesandbox.com/analysis/22/
  29. -- https://www.hybrid-analysis.com/sample/a3f16a9e5863fc65768682d585a03c9d057dff428f24e116cacf2ef54636c82a
  30.  
  31. - SHA256 hash: bbb674213b05d7b69952172208cca0d5b9d97f0f8e848e22351c86b769333c20
  32. - File size: 547,328 bytes
  33. - File location: hxxp://23.95.238[.]106/images/imgpaper.png
  34. - File description: Windows executable file for Trickbot, gtag lib709
  35. - Analysis:
  36. -- https://urlhaus.abuse.ch/url/333589/
  37. -- https://app.any.run/tasks/156a70ba-4140-4b42-9297-7a0fce1696f2
  38. -- https://capesandbox.com/analysis/23/
  39. -- https://www.hybrid-analysis.com/sample/bbb674213b05d7b69952172208cca0d5b9d97f0f8e848e22351c86b769333c20
  40.  
  41. - SHA256 hash: 144a3aabc4052782d66f8b436e60d4f5eee513c74af3493b74771419579e9c75
  42. - File size: 525,312 bytes
  43. - File location: hxxp://23.95.238[.]106/images/redcar.png
  44. - File description: Windows executable file for Trickbot, gtag jim709
  45. - Analysis:
  46. -- https://urlhaus.abuse.ch/url/333588/
  47. -- https://app.any.run/tasks/969ed189-7460-4ebf-b632-236404b061a6
  48. -- https://capesandbox.com/analysis/24/
  49. -- https://www.hybrid-analysis.com/sample/144a3aabc4052782d66f8b436e60d4f5eee513c74af3493b74771419579e9c75
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!