Severity
High
Analysis Summary
Trickbot is a modular banking trojan and information stealer that has been distributed through malspam campaigns for some time. Once installed it steals credentials and other data from the host, moves laterally across the network and gives the operators remote access to infected systems. The indicators of compromise listed below were retrieved from the most recent campaigns dropping Trickbot.
Impact
- Information Disclosure
- Credential Theft
- Unauthorized Remote Access
Indicators of Compromise
MD5
- da77fae2b9245ff7fd1ff5e097094421
- 4c28c31537491782f4fd72c6c981b422
- 4ca2e41f6336c9a1a91567939538ed4e
- c7d7d5282b1f50074bd83e534115eff0
- 290583efdf6f8ac36f56c2dfe5efc958
- e48450e526ff57dae1c28f540352d37b
- f892b36774517ef25355345c9a152dc9
- c09a4bbb16553d4e0ad88315ff6a46b4
- 296ea4976390a4469cd495b85ca9c983
- c20b04b9ea7d91eaa1027c33d0c81a15
- 1fd71bbb44a264412e53263ee94e60aa
- 54ce54fca50b62ac0f7fcd84822a3923
- 3f82a50d04cdd43eb9b9432bcd3ab8a3
- f16242c00a9d8718170e682d0b828ca6
SHA-256
- af72ea0349dc0e1cd9f6c6a3f3bd58fa828ec14d59d60b8713252773c5751d52
- 5a57b2831babc7bfab809923cacbe7bd4e0d663c4015f528458dde68c5a87251
- 102c007ae1c5d31265fcb60fd14eb1f0aebad9e3daa3ecab6761fb4d3e84d3d6
- 98ef4070cb18c7ec28d51d4e5906b9d9ac92ffda12ba4b99c61c6eeb0b567198
- 0bfc771e5ad57d72158965483fafea2869bd8a7f489d0fd09303290473a8eb0a
- 6a5de7693e48934a8060ecd1f6fc94d0931a6cf51c60130a1083319b0df0f58c
- 457f8a035d1b5af45ca04ad0d51a6083cc393ae46847675120f7daa2b35cd08c
- dd708991d246f56ec4978a14d7a997fd32ed6b8a6f882db19e57fde0b28e56ae
- 1d6d0b88eef7d224714ad936370173e620a12100f0a49716a2cfeb6b5da6fae0
- 827cf33f7ef0754b6801277050df0e78b644d42a8010e7c9fcc213baa86493c6
- 9987ce69eef1fe17de63b11e089c268f3d4b85d174f35f09294d74f76824e669
- 4995334f4ac0ec8ec725a3b91c54662dc1c2307d5c7747b6494dec0890390026
- 9b7277765e7fd185fb1fb1e4297bc581e298be0d6eb6d9c3cb446b7733b7a14b
- aef76e35056eabd7a4aad30fd870fc90468e48bc53b5011fd2e8368391ae4353
SHA-1
- f9a5ddc87b0e07eba73ec6b4c8e469e0a962371d
- 57f1db1723e6b8fa979ea04c53699b3600986783
- 8af62136bc3929f19848d7e3af54ab149ea058f1
- 8113be44d81cf6ecf40b8580234ea00972a01daf
- 1f76c4fa1459a42b4b82d1ec83b3ee702ef9dafb
- 1e8da0d7c66d3cf6c57a2d92a42045227dccadc1
- b14357269fadb46062ed92646ab8f5cd2bd07722
- db6324fc3926cc74c40070dafd4fb3d1d290bec0
- 05f8915d7de5a5a61da5d9ee755c652116ac0224
- fdb9ac2a1602a2d0d188c575b8b6ccce8603cc6d
- 7b40375081d919d9ae78f9b3ea09d2157f42f213
- 9848fc5c469aa15ea43b7e7d3beef9ca83cfe64e
- a1e514792ec8e547582ed7b407ec4a0a2f10f308
- 2348ecc16c768a1e82f29d9e1abae0dbcb57a1f1
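The following is an added example, not Rewterz tooling or code from the original alert, of how to hunt for the hashes above on a host. It reads each file under a directory once, computes MD5, SHA-1 and SHA-256 in a single pass, and reports any file whose digest appears in the IOC sets copied from the lists above. The scan root, the script name and the output format are assumptions; the hash values are the ones published on this page.

```python
#!/usr/bin/env python3
"""Hunt for the Trickbot file-hash IOCs from this alert on a local filesystem.

Added example, not Rewterz tooling. The hash sets below are copied from the
IOC list in the alert; the directory walk and report format are assumptions.
"""
import hashlib
import os
import sys

# IOC sets copied verbatim from the alert (lower-case hex).
MD5_IOCS = {
    "da77fae2b9245ff7fd1ff5e097094421", "4c28c31537491782f4fd72c6c981b422",
    "4ca2e41f6336c9a1a91567939538ed4e", "c7d7d5282b1f50074bd83e534115eff0",
    "290583efdf6f8ac36f56c2dfe5efc958", "e48450e526ff57dae1c28f540352d37b",
    "f892b36774517ef25355345c9a152dc9", "c09a4bbb16553d4e0ad88315ff6a46b4",
    "296ea4976390a4469cd495b85ca9c983", "c20b04b9ea7d91eaa1027c33d0c81a15",
    "1fd71bbb44a264412e53263ee94e60aa", "54ce54fca50b62ac0f7fcd84822a3923",
    "3f82a50d04cdd43eb9b9432bcd3ab8a3", "f16242c00a9d8718170e682d0b828ca6",
}
SHA1_IOCS = {
    "f9a5ddc87b0e07eba73ec6b4c8e469e0a962371d", "57f1db1723e6b8fa979ea04c53699b3600986783",
    "8af62136bc3929f19848d7e3af54ab149ea058f1", "8113be44d81cf6ecf40b8580234ea00972a01daf",
    "1f76c4fa1459a42b4b82d1ec83b3ee702ef9dafb", "1e8da0d7c66d3cf6c57a2d92a42045227dccadc1",
    "b14357269fadb46062ed92646ab8f5cd2bd07722", "db6324fc3926cc74c40070dafd4fb3d1d290bec0",
    "05f8915d7de5a5a61da5d9ee755c652116ac0224", "fdb9ac2a1602a2d0d188c575b8b6ccce8603cc6d",
    "7b40375081d919d9ae78f9b3ea09d2157f42f213", "9848fc5c469aa15ea43b7e7d3beef9ca83cfe64e",
    "a1e514792ec8e547582ed7b407ec4a0a2f10f308", "2348ecc16c768a1e82f29d9e1abae0dbcb57a1f1",
}
SHA256_IOCS = {
    "af72ea0349dc0e1cd9f6c6a3f3bd58fa828ec14d59d60b8713252773c5751d52",
    "5a57b2831babc7bfab809923cacbe7bd4e0d663c4015f528458dde68c5a87251",
    "102c007ae1c5d31265fcb60fd14eb1f0aebad9e3daa3ecab6761fb4d3e84d3d6",
    "98ef4070cb18c7ec28d51d4e5906b9d9ac92ffda12ba4b99c61c6eeb0b567198",
    "0bfc771e5ad57d72158965483fafea2869bd8a7f489d0fd09303290473a8eb0a",
    "6a5de7693e48934a8060ecd1f6fc94d0931a6cf51c60130a1083319b0df0f58c",
    "457f8a035d1b5af45ca04ad0d51a6083cc393ae46847675120f7daa2b35cd08c",
    "dd708991d246f56ec4978a14d7a997fd32ed6b8a6f882db19e57fde0b28e56ae",
    "1d6d0b88eef7d224714ad936370173e620a12100f0a49716a2cfeb6b5da6fae0",
    "827cf33f7ef0754b6801277050df0e78b644d42a8010e7c9fcc213baa86493c6",
    "9987ce69eef1fe17de63b11e089c268f3d4b85d174f35f09294d74f76824e669",
    "4995334f4ac0ec8ec725a3b91c54662dc1c2307d5c7747b6494dec0890390026",
    "9b7277765e7fd185fb1fb1e4297bc581e298be0d6eb6d9c3cb446b7733b7a14b",
    "aef76e35056eabd7a4aad30fd870fc90468e48bc53b5011fd2e8368391ae4353",
}
IOC_SETS = {"md5": MD5_IOCS, "sha1": SHA1_IOCS, "sha256": SHA256_IOCS}

CHUNK = 1 << 20  # 1 MiB reads: large files are streamed, not loaded whole


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_SETS}


def hash_file(path: str) -> dict:
    """Compute all three digests in a single pass over the file."""
    hashers = {name: hashlib.new(name) for name in IOC_SETS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: dict) -> set:
    """Return the names of the algorithms whose digest appears in the IOC sets.

    Digests are lower-cased first so hashes copied from other reports or
    SIEM fields in upper-case hex still match."""
    return {name for name, iocs in IOC_SETS.items()
            if digests.get(name, "").lower() in iocs}


def scan_tree(root: str) -> list:
    """Walk `root` and return (path, matched_algorithms) for every IOC hit.

    Files that cannot be opened (permission errors are normal on a live host)
    are skipped rather than aborting the scan."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                hits = match_iocs(hash_file(path))
            except OSError:
                continue
            if hits:
                findings.append((path, sorted(hits)))
    return findings


if __name__ == "__main__":
    # Assumed invocation: python3 trickbot_ioc_scan.py /path/to/scan
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH {','.join(hits)} {path}")
```

A hash hunt only finds the exact samples listed here: a repacked or updated Trickbot build produces different digests, so a scan with no hits is inconclusive and should be paired with the behavioural checks (macro-enabled attachments, unexpected outbound connections) the remediation section implies.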
Remediation
- Block the indicators listed above at the relevant security controls (endpoint protection, email and web gateways).
- Do not download attachments or click on URLs in untrusted emails.
- Do not enable macros in documents from untrusted sources.
- Do not download files or software from unverified sources on the internet.
- Keep all systems and software updated to the latest patched versions.