2018-10-05 - QUICK POST: TRICKBOT MALSPAM, GTAG SAT74

ASSOCIATED FILES:

  • 2018-10-05-Trickbot-artifact-libc.bat.txt
  • 2018-10-05-scheduled-task-to-keep-Trickbot-persistent-Msnetcs.xml.txt
  • 2018-10-05-Trickbot-malware-binary-gtag-sat74.exe
  • AMNI/
  • AMNI/FAQ
  • AMNI/grabber_temp.INTEG.RAW
  • AMNI/Modules/
  • AMNI/Modules/importDll64
  • AMNI/Modules/injectDll64
  • AMNI/Modules/injectDll64_configs/
  • AMNI/Modules/injectDll64_configs/dinj
  • AMNI/Modules/injectDll64_configs/dpost
  • AMNI/Modules/injectDll64_configs/sinj
  • AMNI/Modules/mailsearcher64
  • AMNI/Modules/mailsearcher64_configs/
  • AMNI/Modules/mailsearcher64_configs/mailconf
  • AMNI/Modules/networkDll64
  • AMNI/Modules/networkDll64_configs/
  • AMNI/Modules/networkDll64_configs/dpost
  • AMNI/Modules/systeminfo64
  • AMNI/README.md
  • AMNI/rtrddsettrnrtack.exe

 

IMAGES


Shown above:  Screenshot of the email pushing Trickbot.

 


Shown above:  Word document attached to the malspam.

 


Shown above:  Traffic from an infected host filtered in Wireshark.

 

FINAL NOTES

Once again, here are the associated files:

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
