welcome to netwrkspider

Wednesday, February 26, 2020

Zero Day TrickBot malware sample IOC details.

About TrickBot

Developed in 2016, TrickBot is one of the more recent banking Trojans, with many of its original features inspired by Dyreza (another banking Trojan). Besides targeting a wide array of international banks via its web injects, TrickBot can also steal from Bitcoin wallets.
Some of its other capabilities include harvesting emails and credentials using the Mimikatz tool. Its authors also show an ability to keep adding new features and developments.
Trojan.TrickBot comes in modules accompanied by a configuration file. Each module has a specific task, like gaining persistence, propagation, stealing credentials, encryption, and so on. The C&Cs are set up on hacked wireless routers.

We found new sample IOCs for the TrickBot malware, which is distributed as a .dll file; the details are given below.

IOC Details : 


HASH

IP :

Password : Infected