Trickbot Spreads as DLL, Comes with Upgrades Targeting Windows 10
Trickbot distributed via DLL
Trickbot Windows 10 exclusive features
The threat actors behind Trickbot have also added Windows 10-exclusive features, possibly to avoid detection from sandboxes that mimic early Windows versions. This capability was added through the Trickbot downloader OSTAP.
The trojan spreads via Microsoft Word Document files. The malicious files follow the naming convention “i<7-9 random="" digits="">.doc" and usually contains a blurred image. The document claims to be protected, and for decryption, it requests to enable content so the user can see the clear image.
Defending against Trickbot
Having compromised over 250 million email accounts in 2019, Trickbot’s constant evolution is something that enterprises and users should keep an eye on. To defend against the trojan, enterprises are highly encouraged to conduct internal training on mitigating email threats. Employees should learn how to spot malicious emails, and avoid downloading attachments and clicking on links from unfamiliar sources.
For tighter security against such threats, Trend Micro Email Security detects and stops spam before it can inflict more damage on the system. Enterprises can also rely on other security solutions for email and collaboration under the Trend Micro Smart Protection Suites: Trend Micro™ Deep Discovery Email Inspector™ and Trend Micro™ InterScan Messaging Security.
Indicators of Compromise
||SHA 256||Trend Micro
|Trend Micro Predictive
Machine Learning Detection
|2020-02-25-Trickbot-gtag-red4-DLL.bin / d26db78f99749974.com||70b3da66ad99bca8703ef61d3f8406b3d
|c63f2739765d000000a85ab79e249e65-file_36254b3f04e27e6ecb138eb4dfe0675b-2020-02-25 15-12-55 / List1.jse||8187c859f6667e0d58ecda5f89d64e64a
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.