2019-08-26 - files from Ursnif infection with Trickbot

malware_traffic, Aug 26th, 2019 (edited)
2019-08-26 - FILE HASHES FROM URSNIF INFECTION WITH TRICKBOT AS FOLLOW-UP MALWARE

SHA256 hash: b4234404fc73aca938190de3d402e4cc2a4a676a2915c4c0b637691f16c8652a
File size: 84,480 bytes
File name: info_08.26.doc
File description: Word doc extracted from password-protected zip attachment with macro for Ursnif

SHA256 hash: d7e7e3d0611e8bd59da08f318fb8b047b8c438d9a1fbd9e74dd6b82955ae31f0
File size: 1,785 bytes
File location: C:\Windows\Temp\CGNdpatCVCt.js
File description: JS file seen after enabling macros

SHA256 hash: db4b1511788b62193a6bd98c268910e7e9a0f9befa44d77e29e05f479ebbed2d
File size: 610,816 bytes
File location: hxxp://xak40phoebe[.]com/pwoxi444/vpvop.php?l=baow1.ctl
File location: C:\Windows\Temp\71.exe
File description: Initial Ursnif EXE retrieved by the above JS file.

SHA256 hash: d6169bd12e5bd489a371bbeda71802a618826b8f4bbce97fe2c7cb99a2f34cd9
File size: 706,560 bytes
File location: hxxp://phangiunque[.]com[.]vn/unicomasd.rar
File location: C:\Users\[username]\AppData\Local\Temp\964881.exe
File description: Follow-up malware -- Trickbot gtag: leo6 (1 of 2)

SHA256 hash: fef0f562b921b2567a38b79b873dc1eaef949df3a73d95aa836b7ba0bd18d902
File size: 630,272 bytes
File location: hxxp://trublendzbarbershop[.]com/wp-content/uploads/2019/08/2unicomasd.rar
File location: C:\Users\[username]\AppData\Local\Temp\3188395.exe
File description: Follow-up malware -- Trickbot gtag: leo6 (2 of 2)