malware_traffic

Trickbot EXE from .png URLs as of Monday 2020-01-06

Jan 6th, 2020
TRICKBOT EXE FROM .PNG URLS AS OF MONDAY 2020-01-06

URLS:

- hxxp://108.170.52[.]147/images/flygame.png
- hxxp://108.170.52[.]147/images/lastimg.png
- hxxp://108.170.52[.]147/images/mini.png

- Each of these URLs was submitted to VirusTotal as early as Monday 2020-01-06.
- The HTTP request for flygame.png is caused by Trickbot's mwormDll module.
- The HTTP request for lastimg.png is caused by Trickbot's tabDll module.
- The HTTP request for mini.png is caused by Trickbot's mshareDll module.
- All of these URLs returned a Windows executable file (EXE).
- Each of these Trickbot EXE files has a different gtag.
- These URLs appear to return files with different hashes every time they are retrieved.

FILE INFO:

- SHA256 hash: 413353daef5651ed2ca38ebc5cdae1a8aded3edeb466f83067db8489333003ed
- File size: 373,792 bytes
- File location: hxxp://108.170.52[.]147/images/flygame.png
- File description: Windows executable file for Trickbot
- Analysis:
-- https://urlhaus.abuse.ch/url/283530/
-- https://app.any.run/tasks/2c735ee6-4160-439a-b38b-fce7c505a58e
-- https://capesandbox.com/analysis/10380/

- SHA256 hash: 6c6de626fa54575d9d6ebf79d99af68afa93fd18a16aa6f53f298171b18378c3
- File size: 369,696 bytes
- File location: hxxp://108.170.52[.]147/images/lastimg.png
- File description: Windows executable file for Trickbot
- Analysis:
-- https://urlhaus.abuse.ch/url/283531/
-- https://app.any.run/tasks/ef8332c3-bb71-40f9-8108-ce7cae2ae8e3
-- https://capesandbox.com/analysis/10382/

- SHA256 hash: f816e060f4f8735d2d72574409c85b599a594491ea022d273caf1b357d0ebd11
- File size: 369,696 bytes
- File location: hxxp://108.170.52[.]147/images/mini.png
- File description: Windows executable file for Trickbot
- Analysis:
-- https://urlhaus.abuse.ch/url/283532/
-- https://app.any.run/tasks/4466843d-5ade-43c4-843f-a407df91dd84
-- https://capesandbox.com/analysis/10383/