Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

TrickBot targets its first US bank

Shaul_Vilkomir-
Historic F5 Account

on ‎15-Jan-2017 05:47

The latest arrival to the banking malware scene, and successor to the infamous Dyre Trojan continues to evolve.

TrickBot previously targeted banks and businesses in Australia, New Zealand, Germany, UK, Ireland, Canada, India and Singapore.

In a recent update, this list has now expanded to include The United States.

0151T000003d6wBQAQ.png

Figure 1 – Map showing TrickBot’s global target distribution

 

0151T000003d6wCQAQ.png

Figure 2 – TrickBot configuration snippet showing newly added US based target.

 

TrickBot’s target tally now includes a total of 225 unique banking and business related URLs.

While this is still a far cry from vast numbers of banks and businesses targeted by Dyre globally, this number is very likely to grow in the future as the malware’s authors are constantly increasing their target tally and continue to improve their malware with new features and abilities.

A previous review of TrickBot’s rapid evolution can be found here: https://devcentral.f5.com/s/articles/malware/is-xmaker-the-new-trickloader-24372

 

 

TrickBot sample MD5: 5abea77ce54fc029151a524ff1d428f

VirusTotal link: https://www.virustotal.com/en/file/554132df407db525382baceb43fc0804839592fbd7038ffcd0e3736119d37be2/...

Analysis link: https://www.hybrid-analysis.com/sample/554132df407db525382baceb43fc0804839592fbd7038ffcd0e3736119d37...

Labels:
0 Kudos
Version history
Last update:
‎15-Jan-2017 05:47
Updated by:
Contributors
Copyright © 2023 Khoros, LLC