SHARE
TWEET

Trickbot EXE files from ".png" URLs on Thursday 2020-02-06

malware_traffic Feb 6th, 2020 1,861 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. TRICKBOT EXE FILES FROM .PNG URLs ON THURSDAY 2020-02-06
  2.  
  3. URLS:
  4.  
  5. - hxxp://195.123.240[.]37/images/flygame.png
  6. - hxxp://195.123.240[.]37/images/lastimg.png
  7. - hxxp://195.123.240[.]37/images/mini.png
  8.  
  9. NOTES:
  10.  
  11. - The http request for flygame.png is caused by Trickbot's mwormDll module.
  12. - The http request for lastimg.png is caused by Trickbot's tabDll module.
  13. - The http request for mini.png is caused by Trickbot's mshareDll module.
  14. - All of these URLs returned a Windows executable file (EXE).
  15. - Each of these Trickbot EXE has a different gtag.
  16. - These may return files with different hashes every time they are retrieved.
  17.  
  18. FILE INFO:
  19.  
  20. - SHA256 hash: 828ca3075748c81cd7503d9786af52caf7ac077ce2864b234fd1182c2802060f
  21. - File size: 778,240 bytes
  22. - File location: hxxp://195.123.240[.]37/images/flygame.png
  23. - File description: Windows executable file for Trickbot
  24. - Analysis:
  25.  -- https://urlhaus.abuse.ch/url/310467/
  26.  -- https://app.any.run/tasks/51cc58ce-d27b-46e2-a49f-cf6cfca3f594
  27.  -- https://capesandbox.com/analysis/12447/
  28.  -- https://www.hybrid-analysis.com/sample/828ca3075748c81cd7503d9786af52caf7ac077ce2864b234fd1182c2802060f
  29.  
  30. - SHA256 hash: ea77b8a6bff0a9ee39d996fcf2a91c0539cf2d3db2aa7e03678ce55d3735bf6d
  31. - File size: 774,144 bytes
  32. - File location: hxxp://195.123.240[.]37/images/lastimg.png
  33. - File description: Windows executable file for Trickbot
  34. - Analysis:
  35.  -- https://urlhaus.abuse.ch/url/310468/
  36.  -- https://app.any.run/tasks/1a9a412e-5f42-4b6f-80f1-37b81dca2a7a
  37.  -- https://capesandbox.com/analysis/12448/
  38.  -- https://www.hybrid-analysis.com/sample/ea77b8a6bff0a9ee39d996fcf2a91c0539cf2d3db2aa7e03678ce55d3735bf6d
  39.  
  40. - SHA256 hash: 8c4c5bbb22618f3785bd1adbc05872472058dc5b2f096b196ce1b95b01d18710
  41. - File size: 774,144 bytes
  42. - File location: hxxp://195.123.240[.]37/images/mini.png
  43. - File description: Windows executable file for Trickbot
  44. - Analysis:
  45.  -- https://urlhaus.abuse.ch/url/310469/
  46.  -- https://app.any.run/tasks/95157532-9d94-406a-beb8-3c80d6057aab
  47.  -- https://capesandbox.com/analysis/12449/
  48.  -- https://www.hybrid-analysis.com/sample/8c4c5bbb22618f3785bd1adbc05872472058dc5b2f096b196ce1b95b01d18710
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top