
Rewterz Threat Alert – Trickbot Banking Trojan Delivered via Malspam – IoCs

April 6, 2020

Severity

High

Analysis Summary

TrickBot is a banking Trojan that targets sensitive information and also acts as a dropper for other malware. TrickBot is usually spread via malspam campaigns: unsolicited emails that direct users to download malware from malicious websites or trick them into opening malware delivered as an attachment. TrickBot is also dropped as a secondary payload by other malware. The malspam campaigns that deliver TrickBot use branding familiar to the recipient, such as invoices from accounting and financial firms. The emails typically carry an attachment, such as a Microsoft Word or Excel document. When opened, the attachment prompts the user to enable macros; the macro executes a VBScript, which runs a PowerShell script that downloads the malware.
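The infection chain above (Office attachment, macro, VBScript, PowerShell) leaves a recognisable process ancestry on the endpoint. The following is an added detection example, not Rewterz's code or tooling: it walks process-creation events (Sysmon-style fields pid/ppid/image/parent_image are assumed; the sample events are constructed) and flags script hosts or shells whose ancestry leads back to Word or Excel.

```python
import json
from typing import Dict, Iterable, List

# Office applications that open the malicious attachment (per the advisory, Word or Excel).
OFFICE_APPS = {"winword.exe", "excel.exe"}
# Script hosts and shells the macro chain runs: enabled macro -> VBScript -> PowerShell.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe", "cmd.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def descends_from_office(event: Dict, by_pid: Dict[int, Dict]) -> bool:
    """True if the event's immediate parent, or any logged ancestor, is an Office app."""
    if basename(event.get("parent_image", "")) in OFFICE_APPS:
        return True
    ppid, seen = event.get("ppid"), set()
    while ppid in by_pid and ppid not in seen:  # walk up the logged process tree
        seen.add(ppid)
        parent = by_pid[ppid]
        if basename(parent.get("image", "")) in OFFICE_APPS:
            return True
        ppid = parent.get("ppid")
    return False


def find_macro_chain(lines: Iterable[str]) -> List[int]:
    """Return pids of script hosts/shells whose ancestry leads back to Word or Excel."""
    events = []
    for line in lines:
        line = line.strip()
        if line:
            try:
                events.append(json.loads(line))
            except json.JSONDecodeError:
                continue  # skip malformed lines rather than abort the scan
    by_pid = {e["pid"]: e for e in events if "pid" in e}
    return [e["pid"] for e in events
            if basename(e.get("image", "")) in SCRIPT_HOSTS and descends_from_office(e, by_pid)]


# Constructed sample process-creation events (Sysmon-style fields), not real telemetry.
# pid 4120/4130 form the Word -> wscript -> powershell chain; pid 5000 is ordinary admin use.
SAMPLE_LOG = r"""
{"pid": 4100, "ppid": 3000, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "parent_image": "C:\\Windows\\explorer.exe"}
{"pid": 4120, "ppid": 4100, "image": "C:\\Windows\\System32\\wscript.exe", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
{"pid": 4130, "ppid": 4120, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "parent_image": "C:\\Windows\\System32\\wscript.exe"}
{"pid": 5000, "ppid": 3000, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "parent_image": "C:\\Windows\\explorer.exe"}
"""
```

Running `find_macro_chain(SAMPLE_LOG.splitlines())` returns the pids of the wscript and powershell processes that descend from WINWORD.EXE, while the PowerShell launched from explorer.exe is left alone.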

Impact

  • Credential theft
  • Exposure of sensitive data
  • Financial loss

Indicators of Compromise


Remediation

  • Block all threat indicators at your respective controls.
  • Do not download email attachments from untrusted email senders.