About TrickBot
Developed in 2016, TrickBot is one of the more recent banking Trojans, with many of its original features inspired by Dyreza (another banking Trojan). Besides targeting a wide array of international banks via its web injects, Trickbot can also steal from Bitcoin wallets.
Some of its other capabilities include harvesting emails and credentials using the Mimikatz tool. Its authors also show an ability for constant new features and developments.
Trojan.TrickBot comes in modules accompanied by a configuration file. Each module has a specific task like gaining persistence, propagation, stealing credentials, encryption, and so on. The C&Cs are set up on hacked wireless routers
We found the new sample IOCs of TrickBot malware i.e. distributed as a .dll file and the details are given below.
IOC Details :
IP :
5.2.77.18
5.182.210.226
66.85.173.20
85.143.216.206
186.71.150.23
190.214.13.2
Developed in 2016, TrickBot is one of the more recent banking Trojans, with many of its original features inspired by Dyreza (another banking Trojan). Besides targeting a wide array of international banks via its web injects, Trickbot can also steal from Bitcoin wallets.
Some of its other capabilities include harvesting emails and credentials using the Mimikatz tool. Its authors also show an ability for constant new features and developments.
Trojan.TrickBot comes in modules accompanied by a configuration file. Each module has a specific task like gaining persistence, propagation, stealing credentials, encryption, and so on. The C&Cs are set up on hacked wireless routers
We found the new sample IOCs of TrickBot malware i.e. distributed as a .dll file and the details are given below.
IOC Details :
| HASH |
| 7db5670a94d95cac01d2c58066f0a9e4517adf6c907f8d7aa15eedc69ba704cf |
| 70b3da66ad99bca8703ef61d3f8406b3d0b05ad60d10318270f41a064d065791 |
| 78b04ee46913669be6588fb82ce5b511dd5865f9dbd5b904681ae2816e723e8b |
| 70b3da66ad99bca8703ef61d3f8406b3d0b05ad60d10318270f41a064d065791 |
| 4d7a416810418135c1817e20a1e867ad1546373b67d5aaa4bc5c48bcb84f3bdb |
| 2f1d06c3edf1eb4044279924de4d2485144fcd270056d5cfc4489d7b3e428c9f |
| 8187c859f6667e0d58ecda5f89d64e64a53d1ffa72943704700f976b197e6b74 |
| 5c80c0b1c58986637f982055d01fb9ec2721617daefcdbdfafaae1eb393e72dc |
| 3626d672f2ceea178c6267cd6ce9d37052199ee8988aa9d3bbde5cd094af0c6a |
| 737f91d86d7fbaf6dc2180e7d6df6d4e78391603112d511f0ec7ae7b9583690c |
IP :
5.2.77.18
5.182.210.226
66.85.173.20
85.143.216.206
186.71.150.23
190.214.13.2
Malware Sample Repo : https://github.com/netwrkspider/malwareSample/blob/master/26-feb-malware-Zero_day_trickbot-iocs.zip
Password : Infected
No comments:
Post a Comment