Trickbot EXE files seen from .png URLs on 2019-10-29

malware_traffic Oct 29th, 2019 (edited)

TRICKBOT EXE FILES FROM PNG-EXTENSION URLS SEEN ON TUESDAY 2019-10-29:

hxxp://66.55.71[.]12/scrimet.png
hxxp://66.55.71[.]12/tablone.png
hxxp://66.55.71[.]12/wgroden.png

$ file *.png
scrimet.png: PE32 executable (GUI) Intel 80386, for MS Windows
tablone.png: PE32 executable (GUI) Intel 80386, for MS Windows
wgroden.png: PE32 executable (GUI) Intel 80386, for MS Windows

$ shasum -a 256 *.png
ac27e0944ce794ebbb7e5fb8a851b9b0586b3b674dfa39e196a8cd47e9ee72b2  scrimet.png
2ac33b26d860fbc58f22a026cdb08709cd3277f3a6a6637386a1f4ec656f13f2  tablone.png
d0d2f089cd36790b4dd5f593b643ef1734dbd3cc97ac91a02f74b345491c8856  wgroden.png

scrimet.png
- https://app.any.run/tasks/1511edfa-8c8d-4bd2-97dd-0aa3a0516fdd
- https://cape.contextis.com/analysis/104241/
- https://www.reverse.it/sample/ac27e0944ce794ebbb7e5fb8a851b9b0586b3b674dfa39e196a8cd47e9ee72b2

tablone.png (gtag: lib598)
- https://app.any.run/tasks/a01cb00c-e615-4bb4-8926-25386321ab86
- https://cape.contextis.com/analysis/104243/
- https://www.reverse.it/sample/2ac33b26d860fbc58f22a026cdb08709cd3277f3a6a6637386a1f4ec656f13f2

wgroden.png (gtag: jim598)
- https://app.any.run/tasks/9f19b48a-cc58-44fd-b440-8a73a439e43c
- https://cape.contextis.com/analysis/104244/
- https://www.reverse.it/sample/d0d2f089cd36790b4dd5f593b643ef1734dbd3cc97ac91a02f74b345491c8856