Static and Dynamic Analysis
Recently, a newly featured TrickBot sample named “TrickBoot” arrived on MalwareBazaar, submitted by our friend Arkbird_SOLG. This TrickBot sample has the ability to tamper with the UEFI firmware by exploiting a vulnerability in the UEFI firmware.
Static Analysis: Advanced
Deploying Ghidra [the love of our reversing life], I managed to reverse the decompiled code of TrickBoot [TrickBot]. Going through the binary executable, I discovered that the TrickBoot sample is sort of locking and encrypting the files and exploiting the kernel to gain control over the UEFI of the victim's system.
Mainly, the entry function:
Other than this, some interesting functions are:
I have uploaded the dynamic analysis report of TrickBoot on GitHub.
That’s all for today.