2019-04-27 - QUICK POST: TRICKBOT INFECTION TRAFFIC

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2019-04-27-Trickbot-infection-traffic.pcap.zip   26.0 MB (25,968,095 bytes)

• 2019-04-27-Trickbot-infection-traffic.pcap   (29,189,049 bytes)

• 2019-04-27-Trickbot-malware-and-artifacts.zip   12.0 MB (12,040,096 bytes)

• 2019-04-27-downloaded-zip-archive-from-link-in-malspam.zip   (96,576 bytes)
• 2019-04-27-VBS-file-extracted-from-downloaded-zip-archive.txt   (1,39,526 bytes)
• 2019-04-27-scheduled-task-to-keep-Trickbot-persistent.txt   (3,786 bytes)
• gpuDriver/a.exe   (462,848 bytes)
• gpuDriver/Data/importDll64   (8,952,080 bytes)
• gpuDriver/Data/injectDll64   (716,224 bytes)
• gpuDriver/Data/injectDll64_configs/dinj   (132,384 bytes)
• gpuDriver/Data/injectDll64_configs/dpost   (928 bytes)
• gpuDriver/Data/injectDll64_configs/sinj   (84,640 bytes)
• gpuDriver/Data/mailsearcher64   (28,336 bytes)
• gpuDriver/Data/mailsearcher64_configs/mailconf   (224 bytes)
• gpuDriver/Data/networkDll64   (22,704 bytes)
• gpuDriver/Data/networkDll64_configs/dpost   (928 bytes)
• gpuDriver/Data/psfin64   (22,192 bytes)
• gpuDriver/Data/psfin64_configs/dpost   (928 bytes)
• gpuDriver/Data/pwgrab64   (1,304,928 bytes)
• gpuDriver/Data/pwgrab64_configs/dpost   (928 bytes)
• gpuDriver/Data/shareDll64   (12,512 bytes)
• gpuDriver/Data/systeminfo64   (21,168 bytes)
• gpuDriver/Data/wormDll64   (56,096 bytes)
• gpuDriver/settings.ini   (50,979 bytes)
• gpuDriver/tmp3029.txu   (679,936 bytes)

NOTES:

• This infection chain is from a URL that delivered a zip archive containing a VBS file pushing Trickbot (gtag: ono1).
• I wasn't able to find any examples of the malspam, though.

 

Click here to return to the main page.