Cryptolaemus cybersecurity experts: It is spread via spam emails with a ZIP, XLS or DOC attachment, which downloads a DLL that starts the malware infection.
The email texts and the XLSB attachment change slightly. The attachment contacts a URL and has so far downloaded RemcosRAT in one case and TrickBot in the other.
CSIRT-Italy cyber security experts: The malware is conveyed with a malspam campaign and malicious attachments. Targets: USA, Canada, France, Germany, Italy and South East Asia.
The cyber security experts: The malware is sent through a phishing campaign by TrickBot authors with different lures. Moreover, after a period of time, it installs Cobalt Strike on the infected computer.