Malware-Traffic-Analysis.net - 2020-05-08 - Quick post: Trickbot (gtag chil13) infection in AD environment

2020-05-08 - QUICK POST: TRICKBOT (GTAG CHIL13) INFECTION IN AD ENVIRONMENT

NOTICE:

The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.

ASSOCIATED FILES:

2020-05-08-Trickbot-infection-in-AD-environment.pcap.zip 36.7 MB (38,670,058 bytes)

2020-05-08-Trickbot-infection-in-AD-environment.pcap (43,435,601 bytes)

2020-05-08-malware-and-artifacts-from-Trickbot-infection-in-AD-environment.zip 16.5 MB (16,541,060 bytes)

Client/2020-05-08-artifact-when-running-initial-Trickbot-EXE-log46FE.tmp.txt (816 bytes)

Client/2020-05-08-Registry-update-on-Windows-client-for-Trickbot.txt (816 bytes)

Client/2020-05-08-scheduled-task-for-Trickbot.txt (3,214 bytes)

Client/Roaming/44783m8uh77g8l8_nkubyhu5vfxxbh878xo6hlttkppzf28tsdu5kwppk_11c1jl.exe (341,504 bytes)

Client/Roaming/StreamApp/a6p215c.exe (291,048 bytes)

Client/Roaming/StreamApp/settings.ini (39,617 bytes)

Client/Roaming/StreamApp/data/importDll64 (7,696,128 bytes)

Client/Roaming/StreamApp/data/injectDll64 (410,560 bytes)

Client/Roaming/StreamApp/data/injectDll64_configs/dinj (15,072 bytes)

Client/Roaming/StreamApp/data/injectDll64_configs/sinj (1,360 bytes)

Client/Roaming/StreamApp/data/injectDll64_configs/dpost (176 bytes)

Client/Roaming/StreamApp/data/mshareDll64 (17,120 bytes)

Client/Roaming/StreamApp/data/networkDll64 (58,192 bytes)

Client/Roaming/StreamApp/data/networkDll64_configs/dpost (1,360 bytes)

Client/Roaming/StreamApp/data/nwormDll64 (27,376 bytes)

Client/Roaming/StreamApp/data/pwgrab64 (1,084,784 bytes)

Client/Roaming/StreamApp/data/pwgrab64_configs/dpost (1,360 bytes)

Client/Roaming/StreamApp/data/tabDll64 (841,568 bytes)

Client/Roaming/StreamApp/data/tabDll64_configs/dpost (1,360 bytes)

Client/Windows/44783m8uh77g8l8_nkubyhu5vfxxbh878xo6hlttkppzf28tsdu5kwppk_11c1jl.exe (341,504 bytes)

Client/Windows/lgwgf4lrucfcaa_vo6bqb08eo1nja1f4d_h2dnradrkw11hvguuphvk__7sg7rwb.exe (115,712 bytes)

DC/2020-05-08-registry-update-on-DC-for-Trickbot.txt (2,322 bytes)

DC/2020-05-28-schduled-task-on-DC-for-Trickbot.txt (3,704 bytes)

DC/Windows/0kxk4ha7u63oszriqz3_tkcyw60y1ywmz9sx1xm5m80jja2j5314tuh2_35_kvfk.exe (115,712 bytes)

DC/Windows/4d9i7_qcwgmlkuly41qbit0ec0m1apncp5pw7bi7qeuq__3nr7hak4ynok8n13k1.exe (115,712 bytes)

DC/Windows/aadfcp431b8ikxa0wdto82zhv2yzy32x7bpney7ihkvfbvl_fvmvud8w_2svdgmd.exe (115,712 bytes)

DC/Windows/eyjvj7qzil4m4uh1jg2pomt9jsisa7nu2u2kgjqosr9_g6eikh3qjx2cj6gcrn5o.exe (115,712 bytes)

DC/Windows/iq1bmcw26_7dgq4gx35q7i8t7b7f6q0391ikmrafryn3u4q8rshwg2ycmdk9xf3x.exe (341,504 bytes)

DC/Windows/kdusskpxu_hmv9xstfo_qa6bpmmqe1crntnsd1xqfinag3h50imnzvfm7a9xz4dg.exe (341,504 bytes)

DC/Windows/n3xpsu57gqbi7cracoczzznkl_r031vvuqhmx6i9l0qbsefkqqwhdepnvik2z1b2.exe (341,504 bytes)

DC/Windows/symyeny32dju6c1fn3myts698b85fquthl_ezy6wgb4vw6gylr9yha0_p3ao1ffk.exe (341,504 bytes)

DC/Roaming/iq1bmcw26_7dgq4gx35q7i8t7b7f6q0391ikmrafryn3u4q8rshwg2ycmdk9xf3x.exe (341,504 bytes)

DC/Roaming/kdusskpxu_hmv9xstfo_qa6bpmmqe1crntnsd1xqfinag3h50imnzvfm7a9xz4dg.exe (341,504 bytes)

DC/Roaming/n3xpsu57gqbi7cracoczzznkl_r031vvuqhmx6i9l0qbsefkqqwhdepnvik2z1b2.exe (341,504 bytes)

DC/Roaming/symyeny32dju6c1fn3myts698b85fquthl_ezy6wgb4vw6gylr9yha0_p3ao1ffk.exe (341,504 bytes)

DC/Roaming/CommandLineEx/iq1bmcw26_7dgq4gx35q7i8t7b7f6q0391ikmrafryn3u4q8rshwg2ycmdk9xf3x.exe (341,504 bytes)

DC/Roaming/CommandLineEx/kdusskpxu_hmv9xstfo_qa6bpmmqe1crntnsd1xqfinag3h50imnzvfm7a9xz4dg.exe (341,504 bytes)

DC/Roaming/CommandLineEx/n3xpsu57gqbi7cracoczzznkl_r031vvuqhmx6i9l0qbsefkqqwhdepnvik2z1b2.exe (341,504 bytes)

DC/Roaming/CommandLineEx/settings.ini (38,938 bytes)

DC/Roaming/CommandLineEx/symyeny32dju6c1fn3myts698b85fquthl_ezy6wgb4vw6gylr9yha0_p3ao1ffk.exe (341,504 bytes)

DC/Roaming/CommandLineEx/data/mshareDll64 (17,120 bytes)

DC/Roaming/CommandLineEx/data/networkDll64 (58,192 bytes)

DC/Roaming/CommandLineEx/data/networkDll64_configs/dpost (1,360 bytes)

DC/Roaming/CommandLineEx/data/nwormDll64 (27,376 bytes)

DC/Roaming/CommandLineEx/data/pwgrab64 (1,084,784 bytes)

DC/Roaming/CommandLineEx/data/pwgrab64_configs/dpost (1,360 bytes)

DC/Roaming/CommandLineEx/data/tabDll64 (841,568 bytes)

DC/Roaming/CommandLineEx/data/tabDll64_configs/dpost (1,360 bytes)

Click here to return to the main page.