Trickbot report - S2 Grupo
Common Information
| Type | Value |
|---|---|
| UUID | 26270e10-b48f-4ca0-87b5-8c6e756d1606 |
| Fingerprint | 5715856af1ce27aec5d2c69697f6f9c6c1d25525aa3826ff5093671a54b47173 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 4, 2017, 10:24 a.m. |
| Added to db | March 10, 2024, 6:34 a.m. |
| Last updated | Aug. 31, 2024, 1:48 a.m. |
| Headline | Trickbot report - S2 Grupo |
| Title | Trickbot report - S2 Grupo |
| Detected Hints/Tags/Attributes | 83/2/41 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | cey-ebanking.com |
|
| Details | Domain | 33 | blog.fortinet.com |
|
| Details | Domain | 5 | www.threatgeek.com |
|
| Details | Domain | 133 | www.infosecurity-magazine.com |
|
| Details | Domain | 8 | devcentral.f5.com |
|
| Details | Domain | 81 | blog.malwarebytes.com |
|
| Details | Domain | 4 | fraudwatchinternational.com |
|
| Details | Domain | 201 | msdn.microsoft.com |
|
| Details | Domain | 1 | www.s2grupo.es |
|
| Details | File | 2 | 1000005_trickbot_loader.exe |
|
| Details | File | 2 | 1000005_trickbot_bot32.exe |
|
| Details | File | 2 | 1000010_trickbot_loader.exe |
|
| Details | File | 2 | 1000010_trickbot_bot32.exe |
|
| Details | File | 2 | 1000014_trickbot_loader.exe |
|
| Details | File | 2 | 1000014_trickbot_bot32.exe |
|
| Details | File | 2 | 1000016_trickbot_loader.exe |
|
| Details | File | 2 | 1000016_trickbot_bot32.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 4 | trickbot-the-dyre-connection.html |
|
| Details | File | 384 | www.inf |
|
| Details | File | 13 | 85%29.aspx |
|
| Details | md5 | 2 | a50c5c844578e563b402daf19289f71f |
|
| Details | md5 | 2 | 28661ea73413822c3b5b7de1bef0b246 |
|
| Details | md5 | 2 | 218613f0f1d2780f08e754be9e6f8c64 |
|
| Details | md5 | 2 | 135e4fa98e2ba7086133690dbd631785 |
|
| Details | md5 | 2 | e054eaae756d31a4f6e30cc74b2e51dd |
|
| Details | md5 | 2 | 719578c91b4985d1f955f6adb688314f |
|
| Details | md5 | 2 | 132c4338cdc46a0a286abf574d68e2e0 |
|
| Details | md5 | 2 | e8e7b0a8f274cad7bdaedd5a91b5164d |
|
| Details | IPv4 | 4 | 11.11.11.1 |
|
| Details | Pdb | 2 | getsysteminfo.pdb |
|
| Details | Url | 2 | https://blog.fortinet.com/2016/12/06/deep-analysis-of-the-online-banking-botnet- |
|
| Details | Url | 4 | http://www.threatgeek.com/2016/10/trickbot-the-dyre-connection.html |
|
| Details | Url | 2 | https://www.infosecurity-magazine.com/blogs/rig-ek-dropping-trickbot-trojan |
|
| Details | Url | 2 | https://devcentral.f5.com/articles/is-xmaker-the-new-trickloader-24372 |
|
| Details | Url | 8 | https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor |
|
| Details | Url | 2 | https://fraudwatchinternational.com/malware/trickbot-malware-works |
|
| Details | Url | 2 | https://msdn.microsoft.com/en- |
|
| Details | Url | 2 | https://msdn.microsoft.com/es- |
|
| Details | Yara rule | 2 | rule MALW_trickbot_bankBot : Trojan {
meta:
author = "Marc Salinas @Bondey_m"
description = "Detects Trickbot Banking
Trojan"
strings:
$str_trick_01 = "moduleconfig"
$str_trick_02 = "Start"
$str_trick_03 = "Control"
$str_trick_04 = "FreeBuffer"
$str_trick_05 = "Release"
condition:
all of ($str_trick_*)
} |