
Tuesday, July 25, 2017

TrickBot Downloader Deep Dive Analysis

The downloader arrives as a Microsoft Office document (Word or Excel) containing macro code.
Once macros are enabled, the VB code runs, then downloads and executes the payload.

RakshaTec: July 2017

Thursday, July 20, 2017

TrickBot Banking Malware - some features of interest

Here's one:

It creates this dir - c:\Users\%username%\appdata\Roaming\winapp\

Now - if you're thinking that creating this dir yourself and then read/write protecting it will stop this malware from executing fully, you're wrong :)

If it can't access that location to create the directory, it simply dumps the PE on the Desktop and executes it from there.

Cool stuff!
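
Because the drop location changes when winapp is unavailable, a host check has to cover both places. The sketch below is an added example, not code from the original post: it checks one user profile for the winapp directory and for PE files in winapp or directly on the Desktop. The function names and finding labels are assumptions made for this illustration.

```python
import struct
import sys
from pathlib import Path

# Locations from the post: winapp under the roaming profile, and the Desktop,
# where the PE is dropped when winapp cannot be created.
WINAPP = Path("AppData") / "Roaming" / "winapp"
DESKTOP = Path("Desktop")


def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at a PE signature."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(0x40)
            if len(head) < 0x40 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            fh.seek(e_lfanew)
            return fh.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable file: nothing to report for it


def triage_profile(profile):
    """Return (reason, path) findings for one user profile directory."""
    profile = Path(profile)
    findings = []
    winapp = profile / WINAPP
    if winapp.is_dir():
        findings.append(("winapp-dir-present", winapp))
        try:
            entries = sorted(winapp.iterdir())
        except OSError:
            # A locked-down winapp is the case where the PE goes to the Desktop.
            findings.append(("winapp-dir-unreadable", winapp))
            entries = []
        findings += [("pe-in-winapp", p) for p in entries if p.is_file() and is_pe(p)]
    desktop = profile / DESKTOP
    if desktop.is_dir():
        findings += [("pe-on-desktop", p) for p in sorted(desktop.iterdir())
                     if p.is_file() and is_pe(p)]
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else Path.home()
    for reason, path in triage_profile(root):
        print(f"{reason}\t{path}")
```

A PE sitting on the Desktop is a lead for review rather than a verdict, since installers and portable tools land there too; the winapp findings are the more specific signal.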

Thursday, July 6, 2017

TrickBot Banking Trojan Configuration Files July 2017

Posted the config files on my GitHub - https://github.com/vithakur/TrickBot-Config-Files