malware_traffic

2018-12-28 Trickbot EXEs sent as .png from 198.144.189[.]191

Dec 28th, 2018
2018-12-28 - TRICKBOT EXECUTABLE FILES SENT AS .PNG URLS FROM 198.144.189[.]191

- SHA256 hash: 310c14c8b7e303030149a21700c66f3fcbd5b9e22c034134d73f38856b6b7314
- File size: 200,704 bytes
- File name: radiance.png
- File description: Trickbot EXE - gtag: tot384
- Any.Run analysis: https://app.any.run/tasks/39e43492-4d0e-426a-9c3b-554da4c28529
- CAPE sandbox analysis: https://cape.contextis.com/analysis/28842/
- Reverse.it analysis: https://www.reverse.it/sample/310c14c8b7e303030149a21700c66f3fcbd5b9e22c034134d73f38856b6b7314

- SHA256 hash: cf7be53c0d872565af0b1b0c22b92f17f7a44d4a1a4cbf39f50c2c2a602ce90f
- File size: 200,704 bytes
- File name: table.png
- File description: Trickbot EXE - gtag: lib384
- Any.Run analysis: https://app.any.run/tasks/29cb9994-5319-4180-b109-953bb0838587
- CAPE sandbox analysis: https://cape.contextis.com/analysis/28843/
- Reverse.it analysis: https://www.reverse.it/sample/cf7be53c0d872565af0b1b0c22b92f17f7a44d4a1a4cbf39f50c2c2a602ce90f

- SHA256 hash: 0439f9a010dd2a8c0af86ec77d75ef3922d8085f68af6cef98e4ffdb3be74006
- File size: 200,704 bytes
- File name: worming.png
- File description: Trickbot EXE - gtag: jim384
- Any.Run analysis: https://app.any.run/tasks/cf880a08-127e-446b-92f8-33d583e802f3
- CAPE sandbox analysis: https://cape.contextis.com/analysis/28844/
- Reverse.it analysis: https://www.reverse.it/sample/0439f9a010dd2a8c0af86ec77d75ef3922d8085f68af6cef98e4ffdb3be74006

NOTE: toler.png is also available from 198.144.189[.]191, but it's still an old file from September 2018.

- SHA256 hash: b188ac573ace0648594b9abb1e04093f723992667c4fb369b162012a359b0599
- File size: 336,896 bytes
- File name: toler.png
- File description: Trickbot EXE - gtag: tot302