Yoroi-Cybaze ZLab analyzed in depth the TrickBot dropper used in a new cybercrime malware campaign
Cybercriminals have launched a new malspam campaign aimed at spreading the TrickBot malware via weaponized email attachments. Yoroi-Cybaze ZLab cyber security experts analyzed the malicious Word documents in depth; they reveal an interesting dropper composed of several thousand highly obfuscated lines of code that abuses the so-called ADS (Alternate Data Stream).

TrickBot is one of the best-known banking Trojans. It has been infecting victims since 2016, is considered part of the cybercrime arsenal, and is still under development. Since it first appeared in 2016, the malware has added functionality and exploit capabilities over the years, such as the infamous SMB vulnerability (MS17-010), including EternalBlue, EternalRomance or EternalChampion. More recently, its modularity has brought the malware to a higher level: it can be considered a sort of malicious implant that also provides tools and mechanisms for advanced attackers to penetrate company networks.