Rewterz Threat Alert – Trickbot Malware – Active IOCs

Severity

High

Analysis Summary

TrickBot is a modular banking Trojan that has been active since 2016. It is primarily distributed through phishing campaigns and is known for its ability to steal sensitive information such as login credentials, financial information, and personal data. It is a highly evasive malware that uses various techniques such as process hollowing, fileless persistence, and code obfuscation to evade detection. It is capable of a wide range of malicious activities such as keylogging, harvesting information from the infected system, injecting malicious code, downloading and installing additional malware, participating in DDoS attacks. TrickBot malware is still active and the group behind it is updating it regularly, it’s important to keep your systems and software updated and to be vigilant against phishing emails and links. Additionally, it’s important to use a reputable anti-malware software and to keep it updated to protect against TrickBot and other similar threats.

Impact

• Credential Theft 
• Financial loss 
• Exposure of sensitive data

Indicators of Compromise

MD5

• f92cbda46583b39c6b0cddcddf18991e
• e3c9ba02a5e309d2f8e8d06fc73b9554
• 5f82028dd93387d65eaacb63b130a435
• 55d2bf97855b006365dca9f413ab73c6

SHA-256

• f91753cbcbcc7c8c2e5bef4126c2806e65328524f820fadb3f4332b645e28d7e
• 1489023ff883c2034d03a380d95074f84d22b8faee12a229737d904025d4f15a
• 2faef9e769bf8ac04a77ebe03e7d26aece3189e5ad6b0f316d90ec8999a94b04
• 77f92f280a7e3bd03a9eb9ff45dc9064616b7c6fe20e60a57015fc114f9df2d5

SHA-1

• f6b5fdecdd6df68780af6d44f8c21e3dc842d636
• b20f5287c4bec70168232497478c7692e516bfa4
• 9629c55914fa808bb8bcbf37a0aa3c912935a69c
• 654bf2dbe9d6b043b8ae144ead01a994508b735d

Remediation

• Block all threat indicators at your respective controls. 
• Search for IOCs in your environment.