Trickbot is computer malware, a trojan for Microsoft Windows and other operating systems. Its major function was originally the theft of banking details and other credentials, but its operators have extended its capabilities to create a complete modular malware ecosystem. Below are the latest indicators of compromise.
Credits: Research by ExecuteMalware
Indicators of compromise
THREAT IDENTIFICATION: TRICKBOT
TRICKBOT GTAG
gtag: rob50
SUBJECTS OBSERVED
Here’s your invoice (76897)
SENDERS OBSERVED
ed2units020a@dhiservices [.]com
MALDOC FILE HASHES
inv_872895176_1700788183 [.]xls
7f9db9d6085249928deb6dde9625f4bb
TRICKBOT PAYLOAD URLS
http://hometownchick [.]com/patron/ibufen [.]php
TRICKBOT PAYLOAD FILE HASHES
popmddj [.]dblo
de63e7e3da96f915446dff531a4c09dc
TRICKBOT C2
https://36 [.]95 [.]27 [.]243
TRICKBOT ADDITIONAL DOWNLOADS
http://91 [.]200 [.]101 [.]3/images/redbutton [.]png
TRICKBOT ADDITIONAL FILE HASHES
redbutton [.]png
49d503b1e59dc38764cc747a8affd15d
ADDITIONAL TRICKBOT MODULES
shareDll64
9b75fadae3d4fc4e70e751b71616c33e
tabDll64
2f0f6ffc6e71c2b132b613e3a8f6ab80
wormDll64
f021d817c5c6cd89d835507c4839fe6b
networkDll64
c9e79d2f60b6630116aaee9abb02a06f
SUPPORTING EVIDENCE
https://urlhaus [.]abuse [.]ch/url/1105162/