Trickbot EXE files from ".png" URLs on Wednesday 2020-02-19

malware_traffic, Feb 19th, 2020

URLS:

- hxxp://192.3.124[.]40/images/flygame.png
- hxxp://192.3.124[.]40/images/lastimg.png
- hxxp://192.3.124[.]40/images/mini.png

NOTES:

- The HTTP request for flygame.png is caused by Trickbot's mwormDll module.
- The HTTP request for lastimg.png is caused by Trickbot's tabDll module.
- The HTTP request for mini.png is caused by Trickbot's mshareDll module.
- All of these URLs returned a Windows executable file (EXE).
- Each of these Trickbot EXE files has a different gtag.
- These URLs may return files with different hashes every time they are retrieved.

FILE INFO:

- SHA256 hash: ce1c4a26527727cd309e0e656ab0afb4c1393cc8855e82d5af7f0c5a33e9727f
- File size: 995,904 bytes
- File location: hxxp://192.3.124[.]40/images/flygame.png
- File description: Windows executable file for Trickbot, gtag jim677
- Analysis:
 -- https://urlhaus.abuse.ch/url/316356/
 -- https://app.any.run/tasks/61d64951-50dd-48f2-acac-6f71957e81e3
 -- https://capesandbox.com/analysis/12996/
 -- https://www.hybrid-analysis.com/sample/ce1c4a26527727cd309e0e656ab0afb4c1393cc8855e82d5af7f0c5a33e9727f

- SHA256 hash: 7ddb90fd18c9b65f355e20f72fb263dcc07b7f4e51a518607b65876cdccc40ba
- File size: 990,272 bytes
- File location: hxxp://192.3.124[.]40/images/lastimg.png
- File description: Windows executable file for Trickbot, gtag lib677
- Analysis:
 -- https://urlhaus.abuse.ch/url/316357/
 -- https://app.any.run/tasks/9b7123d8-45dd-484f-a924-e400f222bfc7
 -- https://capesandbox.com/analysis/12997/
 -- https://www.hybrid-analysis.com/sample/7ddb90fd18c9b65f355e20f72fb263dcc07b7f4e51a518607b65876cdccc40ba

- SHA256 hash: 42550767cdc440db0a5037c1a0c80da955837d03258ed2b10f4ca17d2c3f7941
- File size: 990,272 bytes
- File location: hxxp://192.3.124[.]40/images/mini.png
- File description: Windows executable file for Trickbot, gtag tot677
- Analysis:
 -- https://urlhaus.abuse.ch/url/316358/
 -- https://app.any.run/tasks/e2114a94-37fb-46ea-8cd3-ec897ec5ab90
 -- https://capesandbox.com/analysis/12998/
 -- https://www.hybrid-analysis.com/sample/42550767cdc440db0a5037c1a0c80da955837d03258ed2b10f4ca17d2c3f7941