Sign In with your
Trend Micro Account

Sign in to MySupport

Need Help?

Need More Help?

Create a technical support case if you need further support.

TRICKBOT’s newly released modules makes it even trickier

- Updated:
- 1 Apr 2019
- Product/Version:
- Deep Security 10.0
- Deep Security 10.1
- Deep Security 10.2
- Deep Security 10.3
- Deep Security 11.0
- Deep Security 11.1
- Deep Security 11.2
- Deep Security 11.3
- Email Encryption Gateway 5.5
- OfficeScan 11.0
- OfficeScan XG.All
- Worry-Free Business Security Standard/Advanced 10.0
- Worry-Free Business Security Standard/Advanced 8.0
- Worry-Free Business Security Standard/Advanced 9.0
- Worry-Free Business Security Standard/Advanced 9.5
- Platform:
- N/A N/A

Summary

Trickbot is a banking Trojan which is used in cyber attacks against small and medium-sized businesses. It is designed to access online accounts, especially bank accounts to obtain Personally Identifiable Information (PII) to be used in identity fraud.

Some of Trickbot’s new modules steal credentials for remote computer access with a newer version targeting passwords for Virtual Networking Computing (VCN), PuTTY and Remote Desktop Protocol (RDP). The other modules perform tasks for stealing bank information, system/network reconnaissance, credential harvesting, and network propagation.

Infection Details

Capabilities

Information Theft
Rootkit Capability
Propagation
Download Routine

Details

Available Solution (GMT +8)

VSAPI/SMART

Pattern	Detection/Policy/Rules	Pattern branch/version	Release date/time
TrendX	Troj.Win32.TRX.XXPE50F13006 TROJ.Win32.TRX.XXPE50FFF028 TSPY.Win32.TRX.XXPE50FFF029	N/A	March 1, 2019
VSAPI	TrojanSpy.Win32.TRICKBOT.THCBOAI TrojanSpy.Win32.TRICKBOT.TIGOCAY TrojanSpy.Win32.TRICKBOT.TIGOCAS Trojan.W97M.TRICKBOT.A TrojanSpy.Win32.TRICKBOT.TIGOCBO TrojanSpy.Win32.TRICKBOT.SMTH TrojanSpy.Win32.TRICKBOT.TIGOCAW TrojanSpy.Win32.TRICKBOT.TIGOCBJ TrojanSpy.Win32.TRICKBOT.TIGOCBC TrojanSpy.Win32.TRICKBOT.SMXF TrojanSpy.Win32.TRICKBOT.THCBBAI TrojanSpy.Win32.TRICKBOT.THCAIAI TrojanSpy.Win32.TRICKBOT.TIGOCBH	Ent OPR 14.885.01	March 20, 2019

Behavioral Monitoring

Pattern	Detection/Policy/Rules	Pattern branch/version	Release date
AEGIS	4955T	TMTD OPR 1761	March 12, 2018
AEGIS	2953T	TMTD OPR 1699	September 8, 2017

Email Protection

Subject	MD5	Pattern branch/version	Release date
Application	c9395d54c9b07a12694af8f4222d4eb4	AS 4510.006	March 25, 2019
Job	db6f35c2efc17683b311d471a92c1d35	AS 4510.006	March 25, 2019
Hiring	df773a135afad6cea47a44370f88ff28	AS 4510.006	March 25, 2019
Job	c48f032acc660ea9b50e10903e0e904e	AS 4510.006	March 25, 2019
Application	ead1f7c3f9d3fa14595db86dc711b610	AS 4510.006	March 25, 2019
RE: Tax verification documents	dae7fe538dd4ae8d6e75abc0123ca68e	AS 4510.006	March 25, 2019
Job	e05d3bfc1cad299c1f12986cbddac003	AS 4510.006	March 25, 2019
Regarding position	9a9d03263faac91f9bf82495998fc44c	AS 4510.006	March 25, 2019
Job	73fde1abda7401b239eed596a29ab663	AS 4510.006	March 25, 2019
RE: Tax verification documents	64b773fe12c2d9455f2b14d61a3a6c42	AS 4510.006	March 25, 2019

URL Protection

URL	Category	Blocking Date
hxxp://91.200.100.233/radiance.png	Malware Accomplice	March 12, 2019
hxxp://91.200.100.233/table.png	Malware Accomplice	March 12, 2019
hxxp://5.2.76.181/sin.png	Malware Accomplice	March 12, 2019
hxxp://handbuiltapps.com/logHbst.php	Malware Accomplice	March 6, 2019
hxxp://94.250.253.158/sin.png	Malware Accomplice	March 5, 2019
hxxp://213.226.68.223/radiance.png	Malware Accomplice	March 5, 2019
hxxp://tdsecuremail.com/Secure.Mail	Malware Accomplice	February 27, 2019
hxxp://168.235.103.35/table.png	Malware Accomplice	March 6, 2019
hxxp://interiorswelove.co.uk/Day9HnXqSD.exe	Malware Accomplice	February 28, 2019
hxxp://92.38.163.60/tin.png	Malware Accomplice	March 9, 2019
hxxp://92.38.163.60/sin.png	Malware Accomplice	March 9, 2019
hxxp://92.38.163.60/win.png	Malware Accomplice	March 9, 2019

Make sure to always use the latest pattern available to detect the old and new variants of Trickbot.

Recommendation

Please refer to the KB article on How to best protect your network using Trend Micro products.
You may also check the atricle on Submitting suspicious or undetected virus for file analysis to Technical Support.
For support assistance, please contact Trend Micro Technical Support.

Rating:

Category:

Remove a Malware / Virus

Solution Id:

1122411

Feedback

Did this article help you?

Thank you for your feedback!

What was the problem with this article?

The image(s) in the article did not display properly.

The article did not provide detailed procedure.

The article is hard to understand and follow.

The video did not play properly.

The article did not resolve my issue.

Others. Please specify.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

Thanks for voting.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.