2017-08-21 - MALSPAM CONTINUES PUSHING TRICKBOT BANKING TROJAN

ASSOCIATED FILES:

  • 2017-08-21-Trickbot-malspam-traffic.pcap   (1,246,136 bytes)
  • 2017-08-21-Trickbot-Vpjnf.bat.txt   (332 bytes)
  • 2017-08-21-Trickbot-Xttayo.exe   (509,952 bytes)
  • 2017-08-21-Trickbot-malspam-0924-UTC.eml   (133,295 bytes)
  • 2017-08-21-Trickbot-services_update.xml.txt   (3,950 bytes)
  • NatWest258345907_2243.doc   (96,258 bytes)

ASSOCIATED BLOG POSTS:

 

EMAIL

HEADER INFORMATION:

 


Shown above:  Screenshot of the email.

 


Shown above:  Attachment from the email.

 

TRAFFIC


Shown above:  Traffic from an infection filtered in Wireshark.

 

ASSOCIATED DOMAINS:

 

MALWARE

EMAIL ATTACHMENT (WORD DOCUMENT):

TRICKBOT BINARY:


Shown above:  Today's Trickbot binary.

 


Shown above:  Scheduled task to keep the Trickbot binary persistent after a reboot.

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
