In its 100th update, the Trickbot authors attempt to position their loader never to touch disk. In his coverage of the update, Lawrence Abrams writes that Vitali Kremez of Advanced Intel discovered this update. The update makes use of an open-source library called MemoryModule and now injects itself into wermgr.exe using the process hollowing technique. Once Trickbot has injected itself, it terminates the original process. With this new update, Trickbot has made itself nearly fileless and, as such, harder to detect.