Threat Intelligence – Trickbot Malware Latest IOCs


Trickbot is computer malware, a trojan for Microsoft Windows and other operating systems. Its major function was originally the theft of banking details and other credentials, but its operators have extended its capabilities to create a complete modular malware ecosystem. Below are the latest indicators of compromise.


Credits: Research by ExecuteMalware

Indicators of compromise

THREAT IDENTIFICATION: TRICKBOT

TRICKBOT GTAG
gtag: rob50

SUBJECTS OBSERVED
Here’s your invoice (76897)

SENDERS OBSERVED
[email protected] [.]com

MALDOC FILE HASHES
inv_872895176_1700788183 [.]xls
7f9db9d6085249928deb6dde9625f4bb

TRICKBOT PAYLOAD URLS
http://hometownchick [.]com/patron/ibufen [.]php

TRICKBOT PAYLOAD FILE HASHES
popmddj [.]dblo
de63e7e3da96f915446dff531a4c09dc

TRICKBOT C2
https://36 [.]95 [.]27 [.]243

TRICKBOT ADDITIONAL DOWNLOADS
http://91 [.]200 [.]101 [.]3/images/redbutton [.]png

TRICKBOT ADDITIONAL FILE HASHES
redbutton [.]png
49d503b1e59dc38764cc747a8affd15d

ADDITIONAL TRICKBOT MODULES
shareDll64
9b75fadae3d4fc4e70e751b71616c33e

tabDll64
2f0f6ffc6e71c2b132b613e3a8f6ab80

wormDll64
f021d817c5c6cd89d835507c4839fe6b

networkDll64
c9e79d2f60b6630116aaee9abb02a06f

SUPPORTING EVIDENCE
https://urlhaus [.]abuse [.]ch/url/1105162/


Balaganesh is an Incident Responder, Certified Ethical Hacker, Penetration Tester, Security blogger, and Founder & Author of Soc Investigation.
