Shaul_Vilkomir-
Historic F5 Account

TrickBot, the latest arrival to the banking malware scene and successor to the infamous Dyre Trojan, continues to evolve.

TrickBot previously targeted banks and businesses in Australia, New Zealand, Germany, the UK, Ireland, Canada, India and Singapore.

In a recent update, this list has expanded to include the United States.


Figure 1 – Map showing TrickBot’s global target distribution

 


Figure 2 – TrickBot configuration snippet showing the newly added US-based target.

 

TrickBot’s target tally now includes a total of 225 unique banking- and business-related URLs.

While this is still a far cry from the vast numbers of banks and businesses targeted by Dyre globally, this number is very likely to grow, as the malware’s authors are constantly increasing their target tally and continue to improve their malware with new features and abilities.

A previous review of TrickBot’s rapid evolution can be found here: https://devcentral.f5.com/s/articles/malware/is-xmaker-the-new-trickloader-24372

 

 

TrickBot sample MD5: 5abea77ce54fc029151a524ff1d428f

VirusTotal link: https://www.virustotal.com/en/file/554132df407db525382baceb43fc0804839592fbd7038ffcd0e3736119d37be2/...

Analysis link: https://www.hybrid-analysis.com/sample/554132df407db525382baceb43fc0804839592fbd7038ffcd0e3736119d37...

Last update: 15-Jan-2017 05:47