In Trickbot's 100th update, its authors attempt to position their loader to evade detection by only briefly touching the disk. In his coverage of the update, Lawrence Abrams of Bleeping Computer writes that Vitali Kremez of Advanced Intel discovered this update, and it does make the malware much more difficult to detect. This update uses an open-source library called MemoryModule to load a DLL completely from memory, and Trickbot now injects itself into wermgr.exe, the legitimate Microsoft error reporting program, using the process hollowing technique. Once Trickbot has injected itself, it terminates the original process and quickly deletes its executable file, which was saved on the disk for only a very short time. With this update, Trickbot has made itself nearly invisible to anti-virus products, making it harder to detect.
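The sequence described above (a process starts wermgr.exe, then exits and has its own executable deleted shortly afterwards) can be hunted for in endpoint telemetry. The following is an added example, not code from the article or from the researchers it cites; the event field names, the 60-second window, and the sample events (including `loader.exe`) are constructed assumptions modelled on Sysmon process-create, process-terminate and file-delete events.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed meaning of "a very short time"

# Constructed Sysmon-style events (1 = process create, 5 = process
# terminate, 23 = file delete), reduced to the fields used below.
EVENTS = [
    {"id": 1, "time": "2024-01-01 10:00:00", "pid": 4100, "ppid": 3000,
     "image": r"C:\Users\a\AppData\Local\Temp\loader.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"id": 1, "time": "2024-01-01 10:00:02", "pid": 4200, "ppid": 4100,
     "image": r"C:\Windows\System32\wermgr.exe",
     "parent": r"C:\Users\a\AppData\Local\Temp\loader.exe"},
    {"id": 5, "time": "2024-01-01 10:00:05", "pid": 4100,
     "image": r"C:\Users\a\AppData\Local\Temp\loader.exe"},
    {"id": 23, "time": "2024-01-01 10:00:06", "pid": 4100,
     "target": r"C:\Users\a\AppData\Local\Temp\loader.exe"},
    # Benign case: wermgr.exe started by svchost.exe, nothing deleted.
    {"id": 1, "time": "2024-01-01 11:00:00", "pid": 5200, "ppid": 900,
     "image": r"C:\Windows\System32\wermgr.exe",
     "parent": r"C:\Windows\System32\svchost.exe"},
]

def _ts(event):
    return datetime.strptime(event["time"], "%Y-%m-%d %H:%M:%S")

def find_hollowing_candidates(events, window=WINDOW):
    """Flag wermgr.exe launches whose parent process exits AND whose
    parent image is deleted from disk within `window` of the launch."""
    hits = []
    for spawn in events:
        if spawn["id"] != 1 or not spawn["image"].lower().endswith("\\wermgr.exe"):
            continue
        t0, parent = _ts(spawn), spawn["parent"].lower()

        def soon(e):
            return timedelta(0) <= _ts(e) - t0 <= window

        exited = any(e["id"] == 5 and e["pid"] == spawn["ppid"] and soon(e)
                     for e in events)
        deleted = any(e["id"] == 23 and e["target"].lower() == parent and soon(e)
                      for e in events)
        if exited and deleted:
            hits.append({"wermgr_pid": spawn["pid"], "parent": spawn["parent"]})
    return hits

if __name__ == "__main__":
    for hit in find_hollowing_candidates(EVENTS):
        print("suspicious wermgr.exe launch:", hit)
```

The heuristic only correlates process and file events; it does not inspect memory, so a hit is a lead for triage rather than proof of injection.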