
Cybercrime, multi-malware campaign conveyed via false debt

Technical analysis by the Malware Hunter JAMESWT

Multi-malware campaign delivered via false debt. The email texts and the xlsb attachment change slightly. The attachment contacts a URL and has so far downloaded Remcos RAT in one case and Trickbot in the other.

A false debt notice is the lure for a global multi-malware campaign. The email text (the amounts and the “creditor”) and the attachment change slightly, but the attachment is always an xlsb file.

If opened, the attachment contacts a URL and downloads the malicious payload. In one case it was Remcos RAT (March 15th) and in another Trickbot (March 16th). It is not yet known which malware will come next, as the URL is currently unreachable. The goal of the cybercrime actors is in all likelihood to steal codes and credentials from victims. The campaign looks very similar to one released last week, in which the bait was a fake Pfizer invoice and the attachment distributed Trickbot.

Relation between the contacted domain and the files that contact it
