The latest arrival to the banking malware scene, and successor to the infamous Dyre Trojan, continues to evolve.

TrickBot previously targeted banks and businesses in Australia, New Zealand, Germany, the UK, Ireland, Canada, India and Singapore.

In a recent update, this list has expanded to include the United States.

Figure 1 – Map showing TrickBot’s global target distribution

 

Figure 2 – TrickBot configuration snippet showing the newly added US-based target.

 

TrickBot’s target tally now includes a total of 225 unique banking- and business-related URLs.

While this is still a far cry from the vast numbers of banks and businesses targeted by Dyre globally, this number is very likely to grow, as the malware’s authors are constantly increasing their target tally and continue to improve their malware with new features and abilities.

A previous review of TrickBot’s rapid evolution can be found here: https://devcentral.f5.com/articles/malware/is-xmaker-the-new-trickloader-24372

 

 

TrickBot sample MD5: 5abea77ce54fc029151a524ff1d428f

VirusTotal link: https://www.virustotal.com/en/file/554132df407db525382baceb43fc0804839592fbd7038ffcd0e3736119d37be2/analysis/

Analysis link: https://www.hybrid-analysis.com/sample/554132df407db525382baceb43fc0804839592fbd7038ffcd0e3736119d37be2?environmentId=100