GitHub - MalwareTech/TrickBot-Toolkit: A collection of tools for dealing with Tr...

 6 years ago
source link: https://github.com/MalwareTech/TrickBot-Toolkit


A collection of tools for working with TrickBot


Used to decrypt TrickBot configs (found in the install directory under the name config.conf)

Example usage: ConfigDecrypter.py -input config.conf -output config.txt


Used to download files from a command and control server

For it to work, you'll need to fill servers.txt with a list of recent servers (TrickBot servers die very quickly)

-o (--output) is the file to save to.

-f (--file) specifies the file to download. Here is a list of the files available:

  • Modules

    • systeminfo32 - gather information about the infected system (32-bit module)
    • injectdll32 - injects into the browser and performs webinjects (32-bit module)
    • mailsearcher32 - searches through files to gather a list of email addresses (32-bit module)
    • sharedll32 - allows the malware to move laterally via network shares (32-bit module)
  • Config Files

    • main - main TrickBot config which includes the latest server list
    • dinj - dynamic webinject configuration
    • sinj - static webinject configuration
    • dpost - server which the dynamic webinjects will send intercepted requests to
    • mailconf - server to send harvested email list to
