Monday, February 6, 2023
spot_img
HomeCyber Security BlogsTrickbot Trojan has added network scanning module

Trickbot Trojan has added network scanning module

Recently, the Trickbot Trojan has added a new network scanning module to scan local network systems with open ports for quick lateral movement. The module uses the Masscan open-source tool to look for open ports with lightning-fast results.

Masscan is a mass TCP/IP port scanning product, which can scan the entire internet in very short time transmitting 10 million packets per second of data from a single machine. Use of this product might indicate an attempt to collect data regarding the target network, and use it for future attacks. According to researchers at Kryptos Logic, the TrickBot module uses the tool for network reconnaissance. The Trickbot operators can use these open ports to deploy other modules and move laterally to infect new systems.

The module arrives as either a 32-bit or 64-bit DLL library, depending on the Windows OS version of the victim machine the bot is running on. Once installed, it makes requests to the command-and-control server (C2) for a list of IP address ranges to scan, followed by port range, so that it can pass as parameters to Masscan. The additional module for the local network reconnaissance indicates that the Trickbot malware operators are eager to infect more systems with sophisticated tricks in recent future.

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -spot_img

Most Popular

Recent Comments

DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us