SHARE
TWEET

Trickbot EXE from .png URLs as of Thursday 2019-12-19

malware_traffic Dec 19th, 2019 723 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. TRICKBOT EXE FROM .PNG URLS AS OF THURSDAY 2019-12-19
  2.  
  3. URLS:
  4.  
  5. - hxxp://64.44.51[.]114/images/flygame.png
  6. - hxxp://64.44.51[.]114/images/lastimg.png
  7. - hxxp://64.44.51[.]114/images/mini.png
  8.  
  9. NOTES:
  10.  
  11. - The http request for flygame.png is caused by Trickbot's mwormDll module.
  12. - The http request for lastimg.png is caused by Trickbot's tabDll module.
  13. - The http request for mini.png is caused by Trickbot's mshareDll module.
  14. - All of these URLs returned a Windows executable file (EXE).
  15. - Each of these Trickbot EXE has a different gtag.
  16. - I think these are different file hashes every time they are retrieved.
  17.  
  18. FILE INFO:
  19.  
  20. - SHA256 hash: bd1bf7a54c085859287ee903d63ed47c4f2d089fee49a3bd2a63a16eb9af4205
  21. - File size: 643,198 bytes
  22. - File location: hxxp://64.44.51[.]114/images/flygame.png
  23. - File description: Windows executable file for Trickbot
  24. - Analysis:
  25.  -- https://urlhaus.abuse.ch/url/273261/
  26.  -- https://app.any.run/tasks/0869a11e-a21f-43e5-8a56-be1a4f3220bd
  27.  -- https://hybrid-analysis.com/sample/bd1bf7a54c085859287ee903d63ed47c4f2d089fee49a3bd2a63a16eb9af4205
  28.  
  29. - SHA256 hash: 8f4e7faf3b46423d0b7412e63459b1ff24a1f2c80e4754926eefa40c8fe6e4a1
  30. - File size: 643,198 bytes
  31. - File location: hxxp://64.44.51[.]114/images/lastimg.png
  32. - File description: Windows executable file for Trickbot
  33. - Analysis:
  34.  -- https://urlhaus.abuse.ch/url/273262/
  35.  -- https://app.any.run/tasks/58373d87-5399-409f-a95b-04390b0909d2
  36.  -- https://hybrid-analysis.com/sample/8f4e7faf3b46423d0b7412e63459b1ff24a1f2c80e4754926eefa40c8fe6e4a1
  37.  
  38. - SHA256 hash: 38484ecbe01f1f043dfa4ff187e12e704716d57309309f85c47ef8f56dc0a6bc
  39. - File size: 643,198 bytes
  40. - File location: hxxp://64.44.51[.]114/images/mini.png
  41. - File description: Windows executable file for Trickbot
  42. - Analysis:
  43.  -- https://urlhaus.abuse.ch/url/273263/
  44.  -- https://app.any.run/tasks/eb2f4a46-6b78-4f8a-8aca-e57933911ef5
  45.  -- https://hybrid-analysis.com/sample/38484ecbe01f1f043dfa4ff187e12e704716d57309309f85c47ef8f56dc0a6bc
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top