malware_traffic

Trickbot EXE files seen from .png URLs on 2019-10-29

Oct 29th, 2019
TRICKBOT EXE FILES FROM PNG-EXTENSION URLS SEEN ON TUESDAY 2019-10-29:

hxxp://66.55.71[.]12/scrimet.png
hxxp://66.55.71[.]12/tablone.png
hxxp://66.55.71[.]12/wgroden.png

$ file *.png
scrimet.png: PE32 executable (GUI) Intel 80386, for MS Windows
tablone.png: PE32 executable (GUI) Intel 80386, for MS Windows
wgroden.png: PE32 executable (GUI) Intel 80386, for MS Windows

$ shasum -a 256 *.png
ac27e0944ce794ebbb7e5fb8a851b9b0586b3b674dfa39e196a8cd47e9ee72b2 scrimet.png
2ac33b26d860fbc58f22a026cdb08709cd3277f3a6a6637386a1f4ec656f13f2 tablone.png
d0d2f089cd36790b4dd5f593b643ef1734dbd3cc97ac91a02f74b345491c8856 wgroden.png

scrimet.png
- https://app.any.run/tasks/1511edfa-8c8d-4bd2-97dd-0aa3a0516fdd
- https://cape.contextis.com/analysis/104241/
- https://www.reverse.it/sample/ac27e0944ce794ebbb7e5fb8a851b9b0586b3b674dfa39e196a8cd47e9ee72b2

tablone.png (gtag: lib598)
- https://app.any.run/tasks/a01cb00c-e615-4bb4-8926-25386321ab86
- https://cape.contextis.com/analysis/104243/
- https://www.reverse.it/sample/2ac33b26d860fbc58f22a026cdb08709cd3277f3a6a6637386a1f4ec656f13f2

wgroden.png (gtag: jim598)
- https://app.any.run/tasks/9f19b48a-cc58-44fd-b440-8a73a439e43c
- https://cape.contextis.com/analysis/104244/
- https://www.reverse.it/sample/d0d2f089cd36790b4dd5f593b643ef1734dbd3cc97ac91a02f74b345491c8856