After discussing the new propagation module you might be in deep thought about what is new in this? This malware is the same as general malware functionality in that it steals sensitive information, which can contribute backdoor access and later used by several cyber attacker’s groups to disseminate different malware.

The First discovered in 2016 as per news circulate but maybe it comes earlier but the security system of the machine did not detect it well. This program basically runs in the background and starts with accessing the data and using current activities.

Once this malware enters your Machine then it gradually starts the activities to download various modules to perform different malicious tasks first in the machine and then after entire networks.

How TrickBot Modules spread?

The TrickBot Module is specially developed to steal sensitive data and then perform different malicious infections. It is totally different from the other malware in the spreading and activities performed in the background because it uses a different binary to perform the particular tasks during the activities it performs.

The first work TrickBot does is that it saves the windows executable malicious file in the hard drive which is known as the “TrickBot Loader”

Let’s take an example of Windows 7 and 10 because lots of users are very familiar with it.

If you are Windows 7, users can see the artifacts associated modules that are saved in the disk but in case of windows 10, the TrickBot modules can only be found in system memory.

Have you heard some of the ransomware cases in the last year, as sources say the TrickBot and ransomware operators have joined hands and do the work together to compromise the network so that ransomware can complete the work.

In research it was also mentioned, “ The artifacts which we discuss in windows 7 point are encrypted binaries and later during the operation, the encrypted TrickBot get decrypted and operated whole memories as TrickBot.”

How is the module used by TrickBot?

• Tab Module
• Mworm Module
• Mshare module

You can see the below chart on how to exploit the SMB vulnerabilities in the domain controller. The whole chart shows the flow and spread of the TrickBot modules.

Finally, The “mworm” is no longer usable and everyone is using “nworm”.The worm module activates the infections and spreads in the memory of the domain controller which are more complex and remain undetectable which is executed in background without any issue.

In 2020, The TrickBot is introduced with the new module “Nworm” propagation module and TrickBot stopped using “Mworm” module in the same environment.

A most important point the new module,”Nworm does not appear until the TrickBot infection don’t harm the AD atmosphere with DC as similar to the “Mworm”

If you have any suggestion let me know in the comment box. Thank you!!

The post Nworm : New TrickBot malware updates appeared first on Vednam.