TrickBot is a modular malware that has been involved in numerous campaigns, used most recently for the deployment of other malware. The latest enhancements to this malware include a module that inspects devices for firmware vulnerabilities.
Reconnaissance actions would allow UEFI/BIOS firmware to be read, written or removed in later phases of the attack. Access at this level is meant to both enable persistence and subsequent access to the infected computer, and to disable its use.
This article describes the how the malware that uses this module operates, with a new functionality that has been given the name of "TrickBoot" in the report published by Eclypsium and AdvIntel (https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/ ).
A computer's firmware establishes the lowest level logic to control the electronic circuits of a device of any type, and therefore it is executed before the operating system. Hosting malicious code in firmware allows an attacker to ensure that their code will be the first to be executed, but also to ensure persistence in a component of the computer different than the storage of the rest of the system's components.
The "implants" at this level, known as Bootkits, are difficult to identify once established, while also complicating the recovery of the infected computer. They allow the start up of the computer to be controlled and therefore can compromise the entire system in its early stages.
While this is not a new feature (there have been cases of this type of behavior for BIOS since 1998, the first case of UEFI rootkit being discovered in 2018 - LoJax malware), it is particularly interesting that TrickBot incorporates a module with this functionality, given that it opens up another avenue of persistence on the compromised computer.
Examples of Rootkits for BIOS
The version of the module analyzed in the report would allow the following reconnaissance actions to be carried out:
- Platform identification
- Check the status of BIOS write protection for SPI flash
- Check for known vulnerabilities affecting UEFI/BIOS firmware
However, combined with the existing functionality that allows firmware to be read, written and modified, it could allow malware using TrickBot to perform more disruptive actions on the computer, for example as part of a ransomware campaign.
TrickBot usually incorporates existing utilities (e.g. Mimikatz) or techniques already seen in other malware.
How it Works
Depending on the analyzed sample, the TrickBot library that implements the analyzed functionality may contain obfuscated calls. Specifically, the report focuses on the user_platform_check.dll library that can be found by the name of PermaDLL.
Library containing the code for persistence
The samples analyzed by the researchers contain obfuscated copies of the RwDrv.sys driver used by RWEverything to access and configure the BIOS/UEFI and other components. The use of this driver is common in malware that installs rootkits in the BIOS/UEFI space. The goal is access to the SPI controller that manages the UEFI/BIOS system.
When the library calls aren't obfuscated, it is possible to see the DeviceIoControl calls.
DeviceIoControl call observed in the library
Other characteristics include the use of code available in GitHub repositories, such as the fwexpl library. In particular, the malware analyzed would contain functions from that library designed to use the RwDrv.sys driver to access hardware interfaces.
In addition, it also uses additional functions to determine the specific model of CPU and PCH that the device is using, considering different versions. These actions will allow the malware to identify the SPI controller registers, to subsequently carry out checks on the BIOS region protections and proceed to execute SPI operations on the external chips.
TrickBot has gone from being a common banking trojan to becoming a modular tool used by other malware to deploy their operations. As such, new versions are emerging with features that aid its current performance.
This time the feature is aimed at persistence, using rootkit in the firmware space with a technique that has been around for years. The tools used to modify the BIOS/UEFI configuration usually use the RwDrv.sys driver to access the SPI driver, a feature that has been kept by this module, known as TrickBoot.
Among the mitigation actions focused on the firmware, the following is recommended: ensure that the devices have anti-write protection enabled in the BIOS/UEFI; verify the integrity of the firmware during boot (e.g. using mechanisms that use TPM); monitor firmware behavior for modifications; update firmware to prevent it from containing known vulnerabilities, etc. Also, the firmware should be considered as part of the forensic analysis after an intrusion, especially a TrickBot one.
Given that configuration changes could also affect virtualization systems or other operating system protections, establishing adequate prevention mechanisms becomes even more critical.