TRICKBOT’s newly released modules make it even trickier

    • Updated: 1 Apr 2019
    • Product/Version:
        • Deep Security 10.0
        • Deep Security 10.1
        • Deep Security 10.2
        • Deep Security 10.3
        • Deep Security 11.0
        • Deep Security 11.1
        • Deep Security 11.2
        • Deep Security 11.3
        • Email Encryption Gateway 5.5
        • OfficeScan 11.0
        • OfficeScan XG.All
        • Worry-Free Business Security Standard/Advanced 10.0
        • Worry-Free Business Security Standard/Advanced 8.0
        • Worry-Free Business Security Standard/Advanced 9.0
        • Worry-Free Business Security Standard/Advanced 9.5
    • Platform: N/A

Summary

Trickbot is a banking Trojan used in cyber attacks against small and medium-sized businesses. It is designed to access online accounts, especially bank accounts, to obtain Personally Identifiable Information (PII) for use in identity fraud.

Some of Trickbot’s new modules steal credentials for remote computer access, with a newer version targeting passwords for Virtual Network Computing (VNC), PuTTY and Remote Desktop Protocol (RDP). The other modules steal bank information, perform system/network reconnaissance, harvest credentials, and propagate across the network.

Infection Details

Capabilities

  • Information Theft
  • Rootkit Capability
  • Propagation
  • Download Routine

Available Solution (GMT +8)

VSAPI/SMART

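| Pattern | Detection/Policy/Rules | Pattern branch/version | Release date/time |
|---|---|---|---|
| TrendX | Troj.Win32.TRX.XXPE50F13006 | N/A | March 1, 2019 |
| TrendX | TROJ.Win32.TRX.XXPE50FFF028 | N/A | March 1, 2019 |
| TrendX | TSPY.Win32.TRX.XXPE50FFF029 | N/A | March 1, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.THCBOAI | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.TIGOCAY | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.TIGOCAS | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | Trojan.W97M.TRICKBOT.A | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.TIGOCBO | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.SMTH | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.TIGOCAW | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.TIGOCBJ | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.TIGOCBC | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.SMXF | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.THCBBAI | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.THCAIAI | Ent OPR 14.885.01 | March 20, 2019 |
| VSAPI | TrojanSpy.Win32.TRICKBOT.TIGOCBH | Ent OPR 14.885.01 | March 20, 2019 |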

Behavioral Monitoring

| Pattern | Detection/Policy/Rules | Pattern branch/version | Release date |
|---|---|---|---|
| AEGIS | 4955T | TMTD OPR 1761 | March 12, 2018 |
| AEGIS | 2953T | TMTD OPR 1699 | September 8, 2017 |

Email Protection

| Subject | MD5 | Pattern branch/version | Release date |
|---|---|---|---|
| Application | c9395d54c9b07a12694af8f4222d4eb4 | AS 4510.006 | March 25, 2019 |
| Job | db6f35c2efc17683b311d471a92c1d35 | AS 4510.006 | March 25, 2019 |
| Hiring | df773a135afad6cea47a44370f88ff28 | AS 4510.006 | March 25, 2019 |
| Job | c48f032acc660ea9b50e10903e0e904e | AS 4510.006 | March 25, 2019 |
| Application | ead1f7c3f9d3fa14595db86dc711b610 | AS 4510.006 | March 25, 2019 |
| RE: Tax verification documents | dae7fe538dd4ae8d6e75abc0123ca68e | AS 4510.006 | March 25, 2019 |
| Job | e05d3bfc1cad299c1f12986cbddac003 | AS 4510.006 | March 25, 2019 |
| Regarding position | 9a9d03263faac91f9bf82495998fc44c | AS 4510.006 | March 25, 2019 |
| Job | 73fde1abda7401b239eed596a29ab663 | AS 4510.006 | March 25, 2019 |
| RE: Tax verification documents | 64b773fe12c2d9455f2b14d61a3a6c42 | AS 4510.006 | March 25, 2019 |

URL Protection

| URL | Category | Blocking Date |
|---|---|---|
| hxxp://91.200.100.233/radiance.png | Malware Accomplice | March 12, 2019 |
| hxxp://91.200.100.233/table.png | Malware Accomplice | March 12, 2019 |
| hxxp://5.2.76.181/sin.png | Malware Accomplice | March 12, 2019 |
| hxxp://handbuiltapps.com/logHbst.php | Malware Accomplice | March 6, 2019 |
| hxxp://94.250.253.158/sin.png | Malware Accomplice | March 5, 2019 |
| hxxp://213.226.68.223/radiance.png | Malware Accomplice | March 5, 2019 |
| hxxp://tdsecuremail.com/Secure.Mail | Malware Accomplice | February 27, 2019 |
| hxxp://168.235.103.35/table.png | Malware Accomplice | March 6, 2019 |
| hxxp://interiorswelove.co.uk/Day9HnXqSD.exe | Malware Accomplice | February 28, 2019 |
| hxxp://92.38.163.60/tin.png | Malware Accomplice | March 9, 2019 |
| hxxp://92.38.163.60/sin.png | Malware Accomplice | March 9, 2019 |
| hxxp://92.38.163.60/win.png | Malware Accomplice | March 9, 2019 |
 
Make sure to always use the latest pattern available to detect the old and new variants of Trickbot.

Recommendation

Please refer to the KB article on How to best protect your network using Trend Micro products.
You may also check the article on Submitting suspicious or undetected virus for file analysis to Technical Support.
For support assistance, please contact Trend Micro Technical Support.

Category:
Remove a Malware / Virus
Solution Id:
1122411