Fortgale Blog » TrickBot infection of January 2019

Cyber Security News

January 11, 2019

TrickBot infection of January 2019

TrickBot is a banking-trojan malware that steals the login credentials of targeted banking sites using webinjects.

Since June 2018 TrickBot features lateral movement capabilities in order to propagate itself from an infected client to a vulnerable domain controller.

TrickBot Screenshots

TrickBot Indicators Of Compromise (IOCs)

===========TRICKBOT DOWNLOADER===========

Downloader - "Transaction_Details_15503.xls"
	sha256	f1e068ac6c1ad490087c21c5affbcd475d107552c395a2d759337ddf68e6ded7	
	sha1	e831e18e96168b2af61cdcbf6d6d70fa31a6242e	
	md5	baccc45867ffe993cff15bfc7505ddda
	
Dropped executable file
	sha256	C:\Users\admin\AppData\Local\Temp\tmp0251.exe	d4c8edb3049197948a03382135b29beb2f99a85e77330c8ccfc090c52d4ea3ac
	
Connections
	ip	198.46.190.41	

HTTP/HTTPS requests
	url	http://198.46.190.41/knot1.php	
	url	http://198.46.190.41/largo.vin


===========TRICKBOT EXE===========

Main object- "largo.vin"
	sha256 d4c8edb3049197948a03382135b29beb2f99a85e77330c8ccfc090c52d4ea3ac 
	sha1 03b3f0b942bdf17c5da6b475c9a16fd7ebde3c86 
	md5 36098457b9433efe25f066cc9d0f1886 
Connections
	ip 201.251.18.28
=================================

banking trickbot trojan

Related articles

November 7, 2024

Protected: Analysis of the BlackBasta infrastructure: Cobalt Strike

There is no excerpt because this is a protected post.

No Tag

Cyber Security News Featured

September 4, 2024

Behind the Wheel: Unveiling the Supercar Phishing Kit Targeting Microsoft 365

In August 2024, Fortgale identified and analyzed an extensive phishing campaign employing […]

microsoft365 phishing phishingkit

December 18, 2023

Espionage activities targeting European businesses

In the evolving landscape of cybersecurity threats, Fortgale is tracking PhishSurf Nebula, […]

Attention Espionage mfa phishsurf nebula ThreatActor

Headquarters: via San Damiano 2, Milano
Registered Office: Corso Buenos Aires 64, 20124 Milano
fort@pec.fortgale.com
CF/PI: 10008370966
REA: MI2127510
Cap.Soc.: 10.000 € i.v.

Privacy & Cookie Policy

Threats

Explore

Social

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Others