2018-04-16 - QUICK POST: TRICKBOT MALSPAM AND TRAFFIC
Zip archives are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
- 2018-04-16-Trickbot-malspam-1155-UTC.eml.zip 26 kB (26,302 bytes)
- 2018-04-16-Trickbot-malspam-infection-traffic.pcap.zip 4.3 MB (4,273,471 bytes)
- 2018-04-16-Trickbot-infection-malware-and-artifacts.zip 410 kB (409,952 bytes)
NOTES:
- Following up on today's post by My Online Security about fake Royal Bank of Scotland emails delivering the Trickbot banking trojan via a Microsoft Equation Editor exploit.
IMAGES
Shown above: Screenshot of the email.
Shown above: Opening the attached file on a vulnerable Windows host.
Shown above: Traffic from an infection filtered in Wireshark.
Shown above: Artifacts found on the infected Windows host (1 of 2).
Shown above: Artifacts found on the infected Windows host (2 of 2).
Shown above: Scheduled task to ensure persistence on the infected Windows host.