Since 2019-02-04 - Trickbot EXEs as PNG: Sin, Tin, and Win

malware_traffic, Feb 8th, 2019 (edited)
TRICKBOT EXE FILES AS PNG AS EARLY AS 2019-02-04: SIN, TIN, AND WIN

- Searching my employer's tools for recent Trickbot EXEs sent as PNG files, I found some new names.
- Since 2019-02-04, I found sin.png, tin.png, and win.png.
- This is in addition to the normal radiance.png, table.png, and worming.png which are also still happening.
- As I type this, @abuse_ch has already reported two URLs for sin.png to URLhaus.ch starting on 2019-02-06.
  -- https://urlhaus.abuse.ch/browse.php?search=sin.png

ZIP ARCHIVE OF THESE MALWARE SAMPLES:

- https://www.malware-traffic-analysis.net/2019/02/07/2019-02-04-thu-07-sin-tin-win-png-malware-exe-files.zip

FILE HASHES, URLS, AND DATES FIRST SEEN:

- File location: hxxp://185.68.93[.]30/sin.png
- SHA256 hash: d06432486e7e9c2b8aaef4f42c11cf8efe19689638a3512ce931a23bdb5f2b4c (2019-02-05) 561,152 bytes

- File location: hxxp://62.108.34[.]17/sin.png
- SHA256 hash: 7ca05eb979acd3f751cca4a62c11d1266fb12581d9c0f6a33023fc999116d7ba (2019-02-06) 237,568 bytes
- SHA256 hash: b68f7c29d3e0d98c41ffc5adba256b9bf408c2f43c1f620dcffd8ce620952a5b (2019-02-07) 868,352 bytes

- File location: hxxp://185.68.93[.]30/tin.png
- SHA256 hash: 32640b777321e41bdfd0a71d8138e6fe3e384f7977b05d6785043afec6555e11 (2019-02-05) 561,152 bytes

- File location: hxxp://185.68.93[.]30/win.png
- SHA256 hash: e996bd6c4c503dcb200ac7350d3700df1194f79cd51b6502bda5594c07c8e840 (2019-02-04) 324,491 bytes
- SHA256 hash: 8d65b4a51e1c8a0910ad641008e60e23a048fc7ffc1955c5e256ea2806853bdc (2019-02-05) 561,152 bytes

- File location: hxxp://62.108.34[.]17/win.png
- SHA256 hash: ec4943433a9309517eb383680a3aabf917372c92238d930253a516d9713dfd7e (2019-02-06) 237,568 bytes
- SHA256 hash: c59251e76148c05cf854363b4ff80a2873dfbe3c2932e6f1ac673e827ac83b41 (2019-02-07) 868,352 bytes
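
A check a defender could run over HTTP objects extracted from proxy or sensor data to catch the pattern in this paste, a Windows executable served under a .png name. This is an added example, not part of the original paste; the function names, the 198.51.100.7 host and the sample bytes are constructed for illustration.

```python
import struct
from urllib.parse import urlsplit

PNG_SIG = b"\x89PNG\r\n\x1a\n"  # fixed 8-byte signature of every real PNG

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes: 'png', 'pe' or 'unknown'."""
    if data.startswith(PNG_SIG):
        return "png"
    # A Windows EXE/DLL starts with a DOS header: 'MZ', with the 32-bit
    # little-endian e_lfanew field at 0x3C giving the offset of 'PE\0\0'.
    if len(data) >= 0x40 and data[:2] == b"MZ":
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
    return "unknown"

def flag_mismatches(downloads):
    """Return URLs whose path ends in .png while the body is a PE file."""
    flagged = []
    for url, body in downloads:
        path = urlsplit(url).path.lower()  # ignores any query string
        if path.endswith(".png") and sniff(body) == "pe":
            flagged.append(url)
    return flagged

# Constructed sample bodies (not taken from the samples listed above).
FAKE_PE = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
           + b"PE\x00\x00" + b"\x00" * 20)
REAL_PNG = PNG_SIG + b"\x00\x00\x00\rIHDR" + b"\x00" * 17
MZ_ONLY = b"MZ" + b"\x00" * 0x3E  # 'MZ' prefix but no PE signature

# Constructed records: (URL, first bytes of the response body).
SAMPLES = [
    ("http://198.51.100.7/sin.png", FAKE_PE),
    ("http://198.51.100.7/logo.png", REAL_PNG),
    ("http://198.51.100.7/win.png?x=1", FAKE_PE),
    ("http://198.51.100.7/notes.png", MZ_ONLY),
    ("http://198.51.100.7/setup.exe", FAKE_PE),
]

if __name__ == "__main__":
    for url in flag_mismatches(SAMPLES):
        print("PE served as .png:", url)
```

Only the first 0x40 bytes plus the four bytes at e_lfanew are needed, so the check works on truncated captures as long as the PE signature offset falls inside them.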