Trickbot EXE files from .png URLs on Monday 2020-02-03

malware_traffic, Feb 3rd, 2020
URLS:

- hxxp://198.23.252[.]135/images/flygame.png
- hxxp://198.23.252[.]135/images/lastimg.png
- hxxp://198.23.252[.]135/images/mini.png

NOTES:

- The HTTP request for flygame.png is caused by Trickbot's mwormDll module.
- The HTTP request for lastimg.png is caused by Trickbot's tabDll module.
- The HTTP request for mini.png is caused by Trickbot's mshareDll module.
- All of these URLs returned a Windows executable file (EXE).
- Each of these Trickbot EXE files has a different gtag.
- These may return files with different hashes every time they are retrieved.

FILE INFO:

- SHA256 hash: 64c393c0fc92f1f44dfbd7e55744c7e1fa60525fb3b50b9c60960e06b883cf93
- File size: 610,304 bytes
- File location: hxxp://198.23.252[.]135/images/flygame.png
- File description: Windows executable file for Trickbot
- Analysis:
 -- https://urlhaus.abuse.ch/url/307238/
 -- https://app.any.run/tasks/3798459f-313b-47c9-a3d8-cb3c637680fd
 -- https://capesandbox.com/analysis/12139/
 -- https://www.hybrid-analysis.com/sample/64c393c0fc92f1f44dfbd7e55744c7e1fa60525fb3b50b9c60960e06b883cf93

- SHA256 hash: 6639342e99ef75e970b2e4d63ba00cfb106f925f2c63a6d4def5b0ee9f942cf9
- File size: 606,208 bytes
- File location: hxxp://198.23.252[.]135/images/lastimg.png
- File description: Windows executable file for Trickbot
- Analysis:
 -- https://urlhaus.abuse.ch/url/307239/
 -- https://app.any.run/tasks/fa8c3dec-3fa3-4f0f-9c13-7bbd64728693
 -- https://capesandbox.com/analysis/12140/
 -- https://www.hybrid-analysis.com/sample/6639342e99ef75e970b2e4d63ba00cfb106f925f2c63a6d4def5b0ee9f942cf9

- SHA256 hash: 96bfc867e032850b2f954270339f826e80af2abf10fd116897ebdd872265d978
- File size: 606,208 bytes
- File location: hxxp://198.23.252[.]135/images/mini.png
- File description: Windows executable file for Trickbot
- Analysis:
 -- https://urlhaus.abuse.ch/url/307240/
 -- https://app.any.run/tasks/3e931fe2-7bd4-409a-bb03-7f776b2e270b
 -- https://capesandbox.com/analysis/12142/
 -- https://www.hybrid-analysis.com/sample/96bfc867e032850b2f954270339f826e80af2abf10fd116897ebdd872265d978