Expert Comments

TrickBot Malware Now Checks Screen Resolution To Evade Analysis – Expert Reaction

Expert(s): Security Experts
Expert(s): Security Experts

The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine. When researchers analyze malware, they typically do it in a virtual machine that is configured with various analysis tools. Due to this, malware commonly uses anti-VM techniques to detect whether the malware is running in a virtual machine. If it is, it is most likely being analyzed by a researcher or an automated sandbox system. These anti-VM techniques include looking for particular processes, Windows services, or machine names, and even checking network card MAC addresses or CPU features.

Experts Comments

July 02, 2020
Tarik Saleh
Senior Security Engineer and Malware Researcher
DomainTools
TrickBot is a financial trojan that typically gets dropped by a maldoc spam campaign. It harvests credentials through the Mimikatz tool, using the man-in-the-browser technique and what not. It is modular and constantly being updated and has been tied in the past to the Ryuk ransomware and being used to drop other tools. Their usual move of sending spam mailers tied to current events and try to get people to open documents and enable macros that then drop the next payload. This latest.....Read More
TrickBot is a financial trojan that typically gets dropped by a maldoc spam campaign. It harvests credentials through the Mimikatz tool, using the man-in-the-browser technique and what not. It is modular and constantly being updated and has been tied in the past to the Ryuk ransomware and being used to drop other tools. Their usual move of sending spam mailers tied to current events and try to get people to open documents and enable macros that then drop the next payload. This latest development which checks whether the malware is being analysed via checking screen resolution will make it even more difficult for security teams to detect and mitigate the effects of TrickBot. The best advice for employees is to exert extreme caution when downloading anything that seems suspicious in over to avoid malware exfiltration in the first place.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

iPhone Bug Identified by Researcher, Patch Now Advised by Expert

Security Expert Re: New NIST Application Security Requirements – One...

Critical Flaw in vCenter Server Could Give Hackers Infrastructure Access

Malicious URLS Slipping Past Security Vendors, Experts Weigh In

Expert Comment: VMware Vulnerabilities Ripe For Exploitation

Comment: CISA, FBI, And NSA Release Joint Cybersecurity Advisory On Conti Ransomware

Google And Facebook For Failing To Tackle Online Fraud

MoD Shares Afghanistan Interpreter’s Emails & PII

APP Fraud Is A Simple Yet Extremely

U.S. Targets Crypto-Ransomware Payments with Sanctions, Cybersecurity Experts Weigh In

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy