TrickBot turns 100: Latest malware released with new features

silversurfer

Level 76
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,593
71,588
The TrickBot cybercrime gang has released the hundredth version of the TrickBot malware with additional features to evade detection. [...]

This latest build was discovered by Advanced Intel's Vitali Kremez, who found that they added new features to make it harder to detect.
With this release, TrickBot is now injecting its DLL into the legitimate Windows wermgr.exe (Windows Problem Reporting) executable directly from memory using code from the 'MemoryModule' project.
 

silversurfer

Just to inform people who don't know what the legitimate process "wermgr.exe" (Windows Problem Reporting) is: this system process is signed by Microsoft.
Windows Error Reporting is a crash reporting manager for Windows operating systems. Wermgr.exe runs the error reporting software, and does not pose a threat to your computer.
 