@adelmas
Created August 30, 2017 21:27
Trickbot ver. 1000044, gtag tt0002 - Decrypted configs
<mcconf>
<ver>1000044</ver>
<gtag>tt0002</gtag>
<servs>
</servs>
<autorun>
<module name="systeminfo" ctl="GetSystemInfo"/>
<module name="injectDll"/>
</autorun>
</mcconf>
http://185.158.115.21/379.png (AES encrypted)
<dpost>
<handler>http://194.87.102.167:8082</handler>
</dpost>
<mail>
<handler>194.87.102.167:443</handler>
</mail>
<servconf>
<expir>1514678400</expir>
<plugins>
<psrv>188.165.62.11:447</psrv>
<psrv>89.46.222.232:447</psrv>
<psrv>194.87.98.185:447</psrv>
<psrv>194.87.102.36:447</psrv>
<psrv>37.59.80.99:447</psrv>
<psrv>194.87.234.22:447</psrv>
</plugins>
</servconf>
<bcservers>
<srv ip="66.85.27.117" port="447"/>
</bcservers>