{
	"id": "676a80a5-cbad-40ba-9de8-552daa41666a",
	"created_at": "2026-04-06T00:15:55.350106Z",
	"updated_at": "2026-04-10T03:19:57.436322Z",
	"deleted_at": null,
	"sha1_hash": "182cb434c31c13ed4f65f766f51ee28fef1a55c1",
	"title": "Trojan.TrickBot | Malwarebytes Labs",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 341533,
	"plain_text": "Trojan.TrickBot | Malwarebytes Labs\r\nArchived: 2026-04-05 13:00:24 UTC\r\nShort bio\r\nTrojan.TrickBot is Malwarebytes’ detection name for a banking Trojan targeting Windows machines.\r\nDeveloped in 2016, TrickBot is one of the more recent banking Trojans, with many of its original features inspired\r\nby Dyreza (another banking Trojan). Besides targeting a wide array of international banks via its webinjects,\r\nTrickbot can also steal from Bitcoin wallets.\r\nSome of its other capabilities include harvesting emails and credentials using the Mimikatz tool. Its authors also\r\nshow an ability for constant new features and developments.\r\nTrojan.TrickBot comes in modules accompanied by a configuration file. Each module has a specific task like\r\ngaining persistence, propagation, stealing credentials, encryption, and so on. The C\u0026Cs are set up on hacked\r\nwireless routers.\r\nSymptoms\r\nThe endpoint user will not notice any symptoms of a Trickbot infection. However, a network admin will likely see\r\nchanges in traffic or attempts to reach out to blacklisted IPs and domains, as the malware will communicate with\r\nTrickbot’s command and control infrastructure to exfiltrate data and receive tasks.\r\nTrojan.TrickBot gains persistence by creating a Scheduled Task.\r\nType and source of infection\r\nhttps://blog.malwarebytes.com/detections/trojan-trickbot/\r\nPage 1 of 3\n\nExample malspam distributing Trickbot\r\nOther methods of propagation include infected attachments and embedded URLs. Trojan.TrickBot is also seen as\r\na secondary infection dropped by Trojan.Emotet.\r\nhttps://blog.malwarebytes.com/detections/trojan-trickbot/\r\nPage 2 of 3\n\nMalicious document with macro\r\nSource: https://blog.malwarebytes.com/detections/trojan-trickbot/\r\nhttps://blog.malwarebytes.com/detections/trojan-trickbot/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://blog.malwarebytes.com/detections/trojan-trickbot/"
	],
	"report_names": [
		"trojan-trickbot"
	],
	"threat_actors": [],
	"ts_created_at": 1775434555,
	"ts_updated_at": 1775791197,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/182cb434c31c13ed4f65f766f51ee28fef1a55c1.pdf",
		"text": "https://archive.orkl.eu/182cb434c31c13ed4f65f766f51ee28fef1a55c1.txt",
		"img": "https://archive.orkl.eu/182cb434c31c13ed4f65f766f51ee28fef1a55c1.jpg"
	}
}