G0dR4p3

Trickbot_Stealer_03-07-2019

Jul 3rd, 2019
#Trickbot #Stealer
---------------------------------
03-07-2019
---------------------------------
Main object- "b74da51b70462070e457dd72611545c58dff1ed82b5ed44091a6a23a6a6d5585.bin.gz"
sha256 fa9825e7462a93295c9f2202a37a570882467d9d401b42dae9c6305a1c8acbbf
sha1 f7cc2b1f68fd46e1e01cac92d30cc74ea95ffc74
md5 0d1c724c797a9e30ba268879c9aca73a
Dropped executable file
sha256 C:\Users\admin\AppData\Local\Temp\YCUsW.exe 96076cee9a7fec7ec050e0c5861e43d6be4f0a8d34c2600a5f93f07359d0032e
DNS requests
domain pouyas.com
domain checkip.amazonaws.com
Connections
HTTP/HTTPS requests
url http://checkip.amazonaws.com/
url http://170.238.117.187:8082/ono5/USER-PC_W617601.21720B4DE8D29C95B78A554B3C5A3A9B/81/
url http://170.238.117.187:8082/ono5/USER-PC_W617601.21720B4DE8D29C95B78A554B3C5A3A9B/83/