
2019-03-05 - Trickbot inject module name tied to gtag now

malware_traffic, Mar 5th, 2019 (edited)
2019-03-05 TRICKBOT INJECT MODULE NAME TIED TO GTAG NOW

- Associated tweet: https://twitter.com/malware_traffic/status/1102947639094661120

- SHA256 hash: 3f329b7074bb650135f1cd84ac92155f7b48aa377bd9464cedb41aae56eae1d6
- File size: 260,096 bytes
- File description: Trickbot caused by Emotet on 2019-03-05, gtag: sok2
- Any.run analysis: https://app.any.run/tasks/be1afe79-f028-492a-b7e9-ffb41e6cc7ec
- CAPE sandbox: https://cape.contextis.com/analysis/42486/
- Reverse.it: https://www.reverse.it/sample/3f329b7074bb650135f1cd84ac92155f7b48aa377bd9464cedb41aae56eae1d6

- SHA256 hash: 1c6019ba825cf00d1b07e8c8cd9e3a256259332367b7cb5cce3493221dfbd66d
- File size: 1,034,176 bytes
- File description: sokinjectDll64 (data file for sokinject module from infected Windows host)
- Any.run analysis: https://app.any.run/tasks/23869a89-5420-4868-8714-551c7165776b
- CAPE sandbox: https://cape.contextis.com/analysis/42491/
- Reverse.it: https://www.reverse.it/sample/1c6019ba825cf00d1b07e8c8cd9e3a256259332367b7cb5cce3493221dfbd66d

- SHA256 hash: 9a79146bc6418a68330d6132f98a8fade1c4db57886363ca22bb63087b0a7615
- File size: 31,249 bytes
- File description: settings.ini (paired with sokinjectDll64 for this particular infection)
- Any.run analysis: https://app.any.run/tasks/675a80ef-60d2-423e-b2a6-453daecb939b
- CAPE sandbox: https://cape.contextis.com/analysis/42492/
- Reverse.it: https://www.reverse.it/sample/9a79146bc6418a68330d6132f98a8fade1c4db57886363ca22bb63087b0a7615