Behavioral Analysis of Trickbot Banking Trojan with its New Tricks
Volume 5, Issue 3 Ruveyda Celik, Ali Gezer
Published online: 21 June 2019
Abstract
This study aims to carry out a behavioral analysis of Trickbot and propose a machine learning technique for Trickbot detection. In the current study, an analysis is conducted to reveal Trickbot behavior while its code is injected into official banking websites. Trickbot is a banking trojan designed to steal users' private information. Static and dynamic analyses using different tools were performed to identify Trickbot-associated streams and detect Trickbot infection. The analysis found that its authors use web injections into banking websites to steal and access login information. In addition, the analysis revealed that Trickbot targets many international banks in many countries via web injections. It also found that Trickbot uses different interfaces and files to replicate itself. The findings of this study could be used to deal with these attacks efficiently and prevent them in the future.
R. Celik and A. Gezer, “Behavioral analysis of trickbot banking trojan with its new tricks,” International Journal of Technology and Engineering Studies, vol. 5, no. 3, pp. 95–105, 2019.