Lokibot via fake Reconfirm Bank Account Details with extremely large rtf attachment

We are still not seeing a lot of interesting malware in UK at the moment, but this one has a few interesting parts to the delivery system. The Lokibot binary that is eventually delivered is nothing special and we see this sort of commodity malware on a…

AgentTesla keylogger as fileless malware.

I am seeing a somewhat different to usual AgentTesla malspam campaign this morning. This is using a multistage downloader eventually resulting in the AgentTesla keylogger / infostealer being run on the victim’s computer as a fileless malware. It …

Remcos Rat via fake invoice using multiple delivery methods.

I have heard of the “Belt and Braces” approach to delivering malware before, but this malware campaign delivering Remcos Rat is using the belt and 2 pairs of braces to try to make sure the malware gets delivered. The email is a fairly typica…

multiple malware delivered from compromised website run on a domestic BT IP address

As I mentioned earlier in the week, we aren’t seeing massive amounts of malware, especially in the UK at the moment, BUT we do see a steady lowish volume stream of commodity malware. These are the standard easy to purchase and use malware tools l…

Hawkeye keylogger via fake receipt. Stolen data sent to another keylogger site.

Over the last month or 6 weeks we, along with many other researchers, have noticed quite a drop in Malspam, in fact in spam generally. Nobody quite knows why but generally this means one or other of the major spam sending botnets has been taken down or…

Lokibot via fake purchase order but won’t run in W7 or W8.1

I have got a very unusual and somewhat difficult to analyse set of malware files here. I received 2 different versions of this email. The first with just an XLSX attachment, the second with both an XLSX and a .rar attachment. Running the xlsx file thro…

Multiple Hawkeye malspam campaigns via GreenCloudVPS

Another Hawkeye keylogger campaign again today. We see these most days and the emails are always such a generic invoice, order or Request for quotation so I don’t bother to post all versions we receive. I normally just tweet to the other research…

Lokibot via fake order email. Massive document.xml.rels obscuring analysis

Earlier this morning I received a spam email, pretending to be a new order asking me to quote a price, with a word docx attachment. That is normal for me & many others to receive this sort of malware laden spam. The subjects are so generic, the all…

Fake Hillconmining Incoming20414 email delivers Formbook

A very slightly strange and less usual malware campaign this morning that does eventually deliver Formbook. The email is nothing special, very terse & bland, that just says “Kindly find the attachment”. It has 2 Microsoft Word Doc attac…

Fake Bank Detail For Funds Transfer delivers info stealer malware

We have been in a bit of a lull with a quiet couple of weeks on the malware front in the UK, but that seems to have come to an end overnight and early this morning. Most of the malware are very common, well known versions of Lokibot, Hawkeye and a marg…