TrickBot Malware Now Checks Screen Resolution To Evade Analysis – Expert Reaction

The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine. When researchers analyze malware, they typically do it in a virtual machine that is configured with various analysis tools. Due to this, malware commonly uses anti-VM techniques to detect whether the malware is running in a virtual machine. If it is, it is most likely being analyzed by a researcher or an automated sandbox system. These anti-VM techniques include looking for particular processes, Windows services, or machine names, and even checking network card MAC addresses or CPU features.


EXPERTS COMMENTS
Tarik Saleh, Senior Security Engineer and Malware Researcher,  DomainTools
July 02, 2020
It is modular and constantly being updated and has been tied in the past to the Ryuk ransomware and being used to drop other tools.
TrickBot is a financial trojan that typically gets dropped by a maldoc spam campaign. It harvests credentials through the Mimikatz tool, using the man-in-the-browser technique and what not. It is modular and constantly being updated and has been tied in the past to the Ryuk ransomware and being used to drop other tools. Their usual move of sending spam mailers tied to current events and try to get ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article