2018-10-10 - QUICK POST: PAYPAL-THEMED TRICKBOT MALSPAM TARGETING UNITED STATES
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Email tracker: 2018-10-10-Paypal-themed-Trickbot-malspam-tracker-12-examples.csv.zip 1.4 kB (1,390 bytes)
  - 2018-10-10-Paypal-themed-Trickbot-malspam-tracker-12-examples.csv (7,480 bytes)
- Traffic: 2018-10-10-Trickbot-gtag-sat77-infection-for-24-hours.pcap.zip 28.4 MB (28,432,293 bytes)
  - 2018-10-10-Trickbot-gtag-sat77-infection-for-24-hours.pcap (30,983,210 bytes)
- Malware: 2018-10-10-Trickbot-emails-malware-and-artifacts.zip 12 MB (12,049,660 bytes)
  - attachments/PP-103647662-016.doc
  - attachments/PP-103647662-023.doc
  - attachments/PP-103647662-027.doc
  - attachments/PP-103647662-060.doc
  - attachments/PP-103647662-098.doc
  - attachments/PP-381557205-002.doc
  - attachments/PP-381557205-015.doc
  - attachments/PP-381557205-050.doc
  - attachments/PP-381557205-070.doc
  - attachments/PP-381557205-078.doc
  - attachments/PP-381557205-084.doc
  - attachments/PP-911730822-008.doc
  - emails/2018-10-10-Trickbot-malspam-Paypal-themed-175723-UTC.eml
  - emails/2018-10-10-Trickbot-malspam-Paypal-themed-180154a-UTC.eml
  - emails/2018-10-10-Trickbot-malspam-Paypal-themed-180154b-UTC.eml
  - emails/2018-10-10-Trickbot-malspam-Paypal-themed-180154c-UTC.eml
  - emails/2018-10-10-Trickbot-malspam-Paypal-themed-180154d-UTC.eml
  - emails/2018-10-10-Trickbot-malspam-Paypal-themed-180155-UTC.eml
  - emails/2018-10-10-Trickbot-malspam-Paypal-themed-181725-UTC.eml
  - emails/2018-10-10-Trickbot-malspam-Paypal-themed-182131-UTC.eml
  - emails/2018-10-10-Trickbot-malspam-Paypal-themed-182132-UTC.eml
  - emails/2018-10-10-Trickbot-malspam-Paypal-themed-182133-UTC.eml
  - emails/2018-10-10-Trickbot-malspam-Paypal-themed-184229-UTC.eml
  - emails/2018-10-10-Trickbot-malspam-Paypal-themed-184232-UTC.eml
  - malware-and-artifacts/2018-10-10-Trickbot-artifact-getqrrorqessages.bat.txt
  - malware-and-artifacts/2018-10-10-Trickbot-gtag-sat77-malware-binary.exe
  - malware-and-artifacts/2018-10-10-Trickbot-scheduled-task-Msnetcs.xml.txt
  - malware-and-artifacts/Modules/
  - malware-and-artifacts/Modules/importDll64
  - malware-and-artifacts/Modules/injectDll64
  - malware-and-artifacts/Modules/injectDll64_configs/
  - malware-and-artifacts/Modules/injectDll64_configs/dinj
  - malware-and-artifacts/Modules/injectDll64_configs/dpost
  - malware-and-artifacts/Modules/injectDll64_configs/sinj
  - malware-and-artifacts/Modules/mailsearcher64
  - malware-and-artifacts/Modules/mailsearcher64_configs/
  - malware-and-artifacts/Modules/mailsearcher64_configs/mailconf
  - malware-and-artifacts/Modules/networkDll64
  - malware-and-artifacts/Modules/networkDll64_configs/
  - malware-and-artifacts/Modules/networkDll64_configs/dpost
  - malware-and-artifacts/Modules/shareDll64
  - malware-and-artifacts/Modules/systeminfo64
NOTES:
- I let my infected lab host run for 24 hours, just to see if I'd get anything interesting, but nothing exciting happened. It was just typical Trickbot traffic.
- Feel free to dig into the spreadsheet tracker, pcap, and the 12 emails/attachments for more info.
- Thanks to "Mister H" for getting me these 12 Trickbot malspam samples so I could sanitize and share them.