
2019-02-14 - Recent Trickbot weirdness

Posted by malware_traffic, Feb 14th, 2019

NOTES:

I found two executables related to Trickbot on 2019-02-14. These are similar to two executables related to Trickbot from 2019-02-13. See the info below.

2019-02-14:

- SHA256 hash: d8bc6a4b84adbed694c8de3b0f9984527de6183410e45749583bbcd318f2f8f6
- File size: 2,889,643 bytes
- File location: hxxp://46.249.62[.]199/Tinx86_14.exe
- Requests Trickbot EXE from: hxxp://5.45.74[.]250/tin.png (possibly sin.png or win.png too)
- Any.Run analysis:
- CAPE sandbox: https://cape.contextis.com/analysis/37164/
- Reverse.it: https://www.reverse.it/sample/d8bc6a4b84adbed694c8de3b0f9984527de6183410e45749583bbcd318f2f8f6

- SHA256 hash: 626f078121ea2294c5a358330773928a8b167c3c830d58de1a7a6c8fe36819fb
- File size: 187,392 bytes
- File location: hxxp://46.249.62[.]199/Sw9JKmXqaSj.exe
- Requests Trickbot EXE from: hxxp://5.45.74[.]250/sin.png (possibly sin.png or win.png too)
- Any.Run analysis: https://app.any.run/tasks/b0c83eb9-8fcd-4a9d-a72c-cbf22774fe2a
- CAPE sandbox: https://cape.contextis.com/analysis/37169/
- Reverse.it: https://www.reverse.it/sample/626f078121ea2294c5a358330773928a8b167c3c830d58de1a7a6c8fe36819fb

2019-02-13:

- SHA256 hash: 008d66ce64d261d5165809b0b201c18ac195060c8d4bf06ae761000c0850b307
- File size: 2,869,757 bytes
- File location: hxxp://46.249.62[.]199/46.249.62.199/Tini_x86Crypt.exe
- Requests Trickbot EXE from: hxxp://185.243.114[.]109/tin.png (possibly sin.png or win.png too)

- SHA256 hash: 5f3e2798165e268f95afe81e403418d8e839e72f615f91fbbcaeb69e3ade446e
- File size: 220,157 bytes
- File location: hxxp://46.249.62[.]199/46.249.62.199/Sw9GJnSXqSh.exe
- Requests Trickbot EXE from: hxxp://185.243.114[.]109/sin.png (possibly sin.png or win.png too)