Technical analysis by the Malware Hunter JAMESWT
A multi-malware campaign is being delivered via a fake debt lure. The email texts and the xlsb attachment change slightly. The attachment contacts a URL and has so far downloaded RemcosRAT in one case and Trickbot in the other.
A fake debt is the lure for a global multi-malware campaign. The email text (the amounts and the “creditor”) and the attachment change slightly, but the attachment is always an xlsb file.
If opened, the file contacts a URL and downloads the malicious payload. In one case it was RemcosRAT (March 15th) and in another Trickbot (March 16th). It is not currently known which malware will come next, because the URL is unreachable at the moment. The attackers' goal is in all likelihood to steal codes and credentials from victims. The campaign also looks very similar to one launched last week, in which the bait was a fake Pfizer invoice and the attachment distributed Trickbot.