TrickBot malware now checks screen resolution to evade analysis

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,048
The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine. [....]

In a new sample of the TrickBot Trojan discovered by cybersecurity firm MalwareLab's Maciej Kotowicz, the malware is now checking an infected computer's screen resolution to determine if it's a virtual machine. In a tweet, Kotowicz stated that a new sample of TrickBot is checking if the computer's screen resolution is 800x600 or 1024x768, and if it is, TrickBot will terminate. TrickBot is checking for these particular resolutions because of how the researchers commonly configure their malware analysis virtual machines.

When configuring a virtual machine, most researchers will not install the VM guest software that allows for better screen resolutions, better mouse control, improved networking, and other features. Without the guest software, though, a virtual machine will typically not allow any resolutions other than 800x600 and 1024x768, compared to ordinary screen resolutions that are much higher.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top