Trickbot EXE from .png URLs on Monday 2020-01-27

malware_traffic Jan 27th, 2020
URLS:

- hxxp://107.175.116[.]133/images/flygame.png
- hxxp://107.175.116[.]133/images/lastimg.png
- hxxp://107.175.116[.]133/images/mini.png

NOTES:

- One of these URLs was submitted to VirusTotal as early as Thursday 2020-01-23.
- The HTTP request for flygame.png is caused by Trickbot's mwormDll module.
- The HTTP request for lastimg.png is caused by Trickbot's tabDll module.
- The HTTP request for mini.png is caused by Trickbot's mshareDll module.
- All of these URLs returned a Windows executable file (EXE).
- Each of these Trickbot EXEs has a different gtag.
- These may return files with different hashes every time they are retrieved.

FILE INFO:

- SHA256 hash: 551cda87e2e95b70538df007685a5e553817e7cba59794737333187b5520fe86
- File size: 679,989 bytes
- File location: hxxp://107.175.116[.]133/images/flygame.png
- File description: Windows executable file for Trickbot
- Analysis:
 -- https://urlhaus.abuse.ch/url/299195/
 -- https://app.any.run/tasks/b4d6f542-7582-4de9-87cd-d959e995b68d
 -- https://capesandbox.com/analysis/11715/
 -- https://www.hybrid-analysis.com/sample/551cda87e2e95b70538df007685a5e553817e7cba59794737333187b5520fe86

- SHA256 hash: 22a43516ead91d7eb04bb63ade228d6a847708d4190274032dbb630504976b81
- File size: 675,893 bytes
- File location: hxxp://107.175.116[.]133/images/lastimg.png
- File description: Windows executable file for Trickbot
- Analysis:
 -- https://urlhaus.abuse.ch/url/297100/
 -- https://app.any.run/tasks/c9f6e633-9784-4bee-96c5-d6803a7896b7
 -- https://capesandbox.com/analysis/11716/
 -- https://www.hybrid-analysis.com/sample/22a43516ead91d7eb04bb63ade228d6a847708d4190274032dbb630504976b81

- SHA256 hash: d2b0435cc28232b4a78eff10bc6304cdba3c675ed94b5484d88b357d99612a1c
- File size: 675,893 bytes
- File location: hxxp://107.175.116[.]133/images/mini.png
- File description: Windows executable file for Trickbot
- Analysis:
 -- https://urlhaus.abuse.ch/url/297101/
 -- https://app.any.run/tasks/8e9d3821-477f-4c5b-beb5-3b66223695e8
 -- https://capesandbox.com/analysis/11717/
 -- https://www.hybrid-analysis.com/sample/d2b0435cc28232b4a78eff10bc6304cdba3c675ed94b5484d88b357d99612a1c
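
DETECTION EXAMPLE (added here, not part of the original paste): because the hashes may change on every retrieval, a content check is more durable than hash matching. The Python sketch below flags HTTP response bodies that come from an image-extension URL but parse as a Windows PE file. The function names, the example.test URLs and the sample bytes are constructed for illustration.

```python
import posixpath
import struct
from urllib.parse import urlparse

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}

def is_pe(body: bytes) -> bool:
    """True if body has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    # e_lfanew: 32-bit little-endian offset of the PE signature, stored at 0x3C
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    # An out-of-range offset yields a short slice, so the comparison fails safely
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify(url: str, body: bytes) -> str:
    """Compare what the URL extension claims with what the body actually is."""
    ext = posixpath.splitext(urlparse(url).path.lower())[1]
    if ext not in IMAGE_EXTS:
        return "not-image-url"
    if is_pe(body):
        return "pe-behind-image-url"      # the pattern described in the notes
    if ext == ".png" and not body.startswith(PNG_MAGIC):
        return "png-magic-mismatch"       # not a PE, but not a PNG either
    return "ok"

# Constructed sample input: a minimal DOS header plus PE signature (not a real
# executable) and a PNG magic prefix.
SAMPLE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
SAMPLE_PNG = PNG_MAGIC + b"\x00" * 16

if __name__ == "__main__":
    for url, body in [
        ("http://example.test/images/a.png", SAMPLE_PE),
        ("http://example.test/images/b.png", SAMPLE_PNG),
        ("http://example.test/images/c.png", b"<html>not found</html>"),
    ]:
        print(url, "->", classify(url, body))
```

In practice the bodies would come from files carved out of a packet capture or from proxy logs with body capture enabled.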