TrickBot is a banking trojan that steals login credentials for targeted banking sites using webinjects.

Since June 2018, TrickBot has included lateral movement capabilities that let it propagate from an infected client to a vulnerable domain controller.

TrickBot Indicators Of Compromise (IOCs)

===========TRICKBOT DOWNLOADER===========

Downloader - "Transaction_Details_15503.xls"
	sha256	f1e068ac6c1ad490087c21c5affbcd475d107552c395a2d759337ddf68e6ded7	
	sha1	e831e18e96168b2af61cdcbf6d6d70fa31a6242e	
	md5	baccc45867ffe993cff15bfc7505ddda
Dropped executable file - "C:\Users\admin\AppData\Local\Temp\tmp0251.exe"
	sha256	d4c8edb3049197948a03382135b29beb2f99a85e77330c8ccfc090c52d4ea3ac

HTTP/HTTPS requests

===========TRICKBOT EXE===========

Main object- ""
	sha256 d4c8edb3049197948a03382135b29beb2f99a85e77330c8ccfc090c52d4ea3ac 
	sha1 03b3f0b942bdf17c5da6b475c9a16fd7ebde3c86 
	md5 36098457b9433efe25f066cc9d0f1886 
