Trickbot Trojan has added network scanning module

Trickbot Trojan Blogs | IEMLabs

Recently, the Trickbot Trojan has added a new network scanning module to scan local network systems with open ports for quick lateral movement. The module uses the Masscan open-source tool to look for open ports with lightning-fast results.

Masscan is a mass TCP/IP port scanning product, which can scan the entire internet in very short time transmitting 10 million packets per second of data from a single machine. Use of this product might indicate an attempt to collect data regarding the target network, and use it for future attacks. According to researchers at Kryptos Logic, the TrickBot module uses the tool for network reconnaissance. The Trickbot operators can use these open ports to deploy other modules and move laterally to infect new systems.

The module arrives as either a 32-bit or 64-bit DLL library, depending on the Windows OS version of the victim machine the bot is running on. Once installed, it makes requests to the command-and-control server (C2) for a list of IP address ranges to scan, followed by port range, so that it can pass as parameters to Masscan. The additional module for the local network reconnaissance indicates that the Trickbot malware operators are eager to infect more systems with sophisticated tricks in recent future.

By Hrithik Lall

IEMLabs is an ISO 27001:2013 and ISO 9001:2015 certified company, we are also a proud member of EC Council, NASSCOM, Data Security Council of India (DSCI), Indian Chamber of Commerce (ICC), U.S. Chamber of Commerce, and Confederation of Indian Industry (CII). The company was established in 2016 with a vision in mind to provide Cyber Security to the digital world and make them Hack Proof. The question is why are we suddenly talking about Cyber Security and all this stuff? With the development of technology, more and more companies are shifting their business to Digital World which is resulting in the increase in Cyber Crimes.

Leave a comment

Your email address will not be published.