Severity

Medium

Analysis Summary

Several phishing campaigns leading to Trickbot where the attackers are base64 encoding the maldocs and delivering them as html attachments.

Impact

Exposure of sensitive information

Indicators of Compromise

Malware Hash (MD5/SHA1/SH256)

• 7bc0c27aba7232e66fe7c6bddfa2e97f
• 43ce46c6730a636bde66983af895e5d6279785fa
• 59b8bcbbe9b41f410d2439d0645289634f440018a70a6ef9e7491f358afd5660
• 7381e87d870b7cd3168924ef83f4bf67
• 971c096b3e9072d3aab1f30c8f86b79c9c5c0ee4
• dec9fd1ca8c6ebf7571999715946d03a4125a8d4b4b5185a0d828f82354a211c
• e082f8d1e21e44821d5eb09d2917f349
• 3359412f96be45db34b6b43f66245aa437a5e964
• 652f1dd04a92e6f777a289bbc83877f3ae9b8426c2cdaec95401d068b8d25d78
• 61410b6c6941833f3b6675f5a6ce2d69
• 2e160ce3a257bb72371e8775d48bc68f05a0face
• 29cbeb2659870605d65271a44cc0ae91985f4acffffd0d2bccf74549c5fa80b5
• 150e0ce3eb588b0d6c92e08a2a3a7f37
• 99e2dedd4fe7c60ed84655c43a0aaca99099b6c6
• e662a8f3a8238b1fbc0f170393a6813fd44f5432d3a9e10675bc5b0eeb5b7625
• 15654efd345f73fc7f973d9a7c696821
• 409b6e803409574620194e0ebaa6416ad95123ca
• 0562ffd6144deb76197444ef0726e0c7d3e05b393f8b77a3f2ab5f4d0bb158dd
• 1ec58bca3d55db0552a110066daf2370
• 01a0b3f06c5517c3368eee346e6403daf6b4891a
• 9cb3076e3cd427745fbce9e59ba84ef3687f128e5c48174ef911c72cba9df7be
• 580287ab42f19ac102da18f52b4342b1
• 6ce3f2fe95bd4d4637d78b5d09c95a37e35c5138
• 7307a1139470b75c81e5d0b4071e3cd7a6608850d8d0771a31e4bb0598de7eb0
• bab9ae91f22f2b4f7fa574f2e0197dab
• bb838bdc70a954ad66af4103a125d379b8e739f7
• 36bec4967c97a28485067f48103e2f0e91e6f4894d8f453207cb37326cdb72a1
• 39e82b9c7f66b1f2182d9c2469ef529b
• 4068ddd566418ac61a3aea56c37758db2fec0a0b
• 53ce6bbf04c673a7ba7dc00d7191fc6ed67db82c8043942b355bfe175a8dccc9

Remediation

• Block all threat indicators at your respective controls.
• Always be suspicious about emails sent by unknown senders.
• Never click on the link/ attachments by unknown senders.