November 19, 2018

TrickBot Banking Trojan Starts Stealing Windows Problem History



A new version of TrickBot was recently found stealing Windows system reliability and performance information, which is somewhat outside the normal scope of a banking Trojan.
Windows runs a Reliability Analysis Matrix (RAC) to perform reliability monitoring of new software installations, upgrades, and any kind of system error from the operating system and applications, as well as hardware-related problems.


For this, Windows runs its RACAgent scheduled task on an hourly basis and stores the data in a local folder. The task can be disabled from Task Scheduler, but doing so means you will no longer get the Reliability Monitor's System Stability Index.


A detailed report on a phishing campaign from My Online Security discloses that a TrickBot sample was spotted collecting and reading the Windows reliability database and the information available under C:\ProgramData\Microsoft\RAC\
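As an added example (not from the original post or the researchers it cites), this Python filter flags file-access audit records in which a process outside an allowlist reads anything under the RAC folder. The `key=value|...` record format, the allowlist and the sample lines are constructed assumptions; real Security-log 4663 events would have to be mapped into these fields first.

```python
import ntpath

RAC_DIR = r"C:\ProgramData\Microsoft\RAC"  # folder named in the article

# Assumed allowlist of processes expected to read reliability data;
# illustrative only, replace with your own baseline (lower-case paths).
EXPECTED = {r"c:\windows\system32\taskhost.exe",
            r"c:\windows\system32\perfmon.exe"}

def norm(path):
    """Lower-case, unify separators and collapse '..' before comparing."""
    return ntpath.normcase(ntpath.normpath(path))

def under_rac(path):
    """True for the RAC folder or anything inside it, not look-alike siblings."""
    p, root = norm(path), norm(RAC_DIR)
    return p == root or p.startswith(root + "\\")

def parse(line):
    """Split a constructed 'key=value|key=value' record into a dict."""
    return dict(field.split("=", 1) for field in line.strip().split("|"))

def suspicious_reads(lines):
    """Return (process, object) for reads of RAC data by unexpected processes."""
    hits = []
    for line in lines:
        ev = parse(line)
        if ev.get("event") != "4663" or "ReadData" not in ev.get("access", ""):
            continue
        obj, proc = ev.get("object", ""), ev.get("process", "")
        if under_rac(obj) and norm(proc) not in EXPECTED:
            hits.append((proc, obj))
    return hits

# Constructed sample records (hypothetical paths, not from a real host).
SAMPLE = [
    r"event=4663|process=C:\Windows\System32\taskhost.exe|object=C:\ProgramData\Microsoft\RAC\StateData\sample.sdf|access=ReadData",
    r"event=4663|process=C:\Users\alice\AppData\Roaming\example\svc.exe|object=c:\programdata\microsoft\rac\PublishedData\sample.sdf|access=ReadData",
    r"event=4663|process=C:\Users\alice\AppData\Roaming\example\svc.exe|object=C:\ProgramData\Microsoft\RACX\other.txt|access=ReadData",
    r"event=4663|process=C:\Tools\backup.exe|object=C:/ProgramData/Microsoft/RAC/../RAC/StateData/sample.sdf|access=ReadData",
    r"event=4656|process=C:\Tools\backup.exe|object=C:\ProgramData\Microsoft\RAC\StateData\sample.sdf|access=ReadData",
]

if __name__ == "__main__":
    for proc, obj in suspicious_reads(SAMPLE):
        print(f"ALERT unexpected read of RAC data: {proc} -> {obj}")
```

Such records only exist once object-access auditing is enabled on the folder.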




A security researcher published on Twitter a list of the files collected by the malware.
However, the purpose of collecting this data is still unclear, but there must be a malicious purpose, such as targeting phishing emails.


The phishing campaign delivers TrickBot through emails claiming to be from Lloyds Bank, using the email ID donotreply@lloydsbankdocs.com, which makes people believe the email is genuine.
The attacker crafts the email in such a way that the reader fully trusts it and opens the attached document, which contains a malicious macro. The macro code then executes and enables TrickBot on the system.



  

The Word document attached to the email carries the Lloyds Bank letterhead to make it look genuine. It also shows a Symantec logo under the cover letter, saying that the file passed the security solution's checks.




After all the efforts to hide the malicious purpose, the file was detected by 30 antivirus engines on VirusTotal.
