2018-04-04 - QUICK POST: TRICKBOT MALSPAM

ASSOCIATED FILES:

• Zip archive of the traffic:  2018-04-04-Trickbot-malspam-infection-traffic.pcap.zip   13.9 MB (13,858,179 bytes)

• 2018-04-04-Trickbot-malspam-infection-traffic.pcap   (14,457,170 bytes)

• Zip archive of the emails:  2018-04-04-Trickbot-malspam-1002-UTC.eml.zip   36.9 kB (36,870 bytes)

• 2018-04-04-Trickbot-malspam-1002-UTC.eml   (109,740 bytes)

• Zip archive of the malware:  2018-04-04-Trickbot-infection-artifacts.zip   416 kB (415,574 bytes)

• 2018-04-04-Trickbot-binary-1-of-2.exe   (434,176 bytes)
• 2018-04-04-Trickbot-binary-2-of-2.exe   (446,464 bytes)
• 2018-04-04-email-attachment-encrypted_message.doc   (63,488 bytes)
• 2018-04-04-scheduled-task-for-Trickbot-MsNetValidator.xml.txt   (3,736 bytes)

NOTES:

• This is a follow-up to a post from myonlinesecurity.co.uk titled: Fake "HSBC SecureMail Activity Confirmation – Do Not Reply." delivers Trickbot banking trojan
• Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

Click here to return to the main page.