Indicators of compromise relating to infections by banking malware (Emotet and TrickBot) used in malware campaigns against Italian infrastructure.

The compromises relate to activity carried out in the period August-September 2018.

Campaigns of this type constantly target IT systems and infrastructure. In some periods, up to 4 different malware campaigns using the same malware are detected within a 30-day window.

Emotet/TrickBot malware (SHA256 hashes):

