SHARE
TWEET

Trickbot EXE from .png URLs as of Thursday 2019-12-26

malware_traffic Dec 26th, 2019 1,257 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. TRICKBOT EXE FROM .PNG URLS AS OF THURSDAY 2019-12-26
  2.  
  3. URLS:
  4.  
  5. - hxxp://5.182.211[.]76/images/flygame.png
  6. - hxxp://5.182.211[.]76/images/lastimg.png
  7. - hxxp://5.182.211[.]76/images/mini.png
  8.  
  9.  
  10. - One of these URLs was submitted to VirusTotal on Monday 2019-12-23
  11. - The http request for flygame.png is caused by Trickbot's mwormDll module.
  12. - The http request for lastimg.png is caused by Trickbot's tabDll module.
  13. - The http request for mini.png is caused by Trickbot's mshareDll module.
  14. - All of these URLs returned a Windows executable file (EXE).
  15. - Each of these Trickbot EXE has a different gtag.
  16. - These appear to return files with different hashes every time they are retrieved.
  17.  
  18. FILE INFO:
  19.  
  20. - SHA256 hash: 430fb1394b5c2bcec4cc37eb0112d2807a24b7ea0d910efcdcd7493ca66c29d5
  21. - File size: 352,256 bytes
  22. - File location: hxxp://5.182.211[.]76/images/flygame.png
  23. - File description: Windows executable file for Trickbot
  24. - Analysis:
  25.  -- https://urlhaus.abuse.ch/url/279170/
  26.  -- https://app.any.run/tasks/588c575b-866b-44a7-9295-902c7f994784
  27.  -- https://hybrid-analysis.com/sample/430fb1394b5c2bcec4cc37eb0112d2807a24b7ea0d910efcdcd7493ca66c29d5
  28.  
  29. - SHA256 hash: 7ba2496e888beaaff008e5cc49d5e883641eb7338f4a654a54bbeb96506f1bc8
  30. - File size: 352,256 bytes
  31. - File location: hxxp://5.182.211[.]76/images/lastimg.png
  32. - File description: Windows executable file for Trickbot
  33. - Analysis:
  34.  -- https://urlhaus.abuse.ch/url/279171/
  35.  -- https://app.any.run/tasks/9fe59ad6-4270-4244-b68e-8e2d9c2d11fe
  36.  -- https://hybrid-analysis.com/sample/7ba2496e888beaaff008e5cc49d5e883641eb7338f4a654a54bbeb96506f1bc8
  37.  
  38. - SHA256 hash: 5933adae2b826dccc03edc7258fca62b4f03239436b11dac0fcecaf653db43d3
  39. - File size: 352,256 bytes
  40. - File location: hxxp://5.182.211[.]76/images/mini.png
  41. - File description: Windows executable file for Trickbot
  42. - Analysis:
  43.  -- https://urlhaus.abuse.ch/url/279172/
  44.  -- https://app.any.run/tasks/d70ba3e6-9039-4e07-996a-b0c96b85e79c
  45.  -- https://hybrid-analysis.com/sample/5933adae2b826dccc03edc7258fca62b4f03239436b11dac0fcecaf653db43d3
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top