New TrickBot Variant Updates Anti-Analysis Tricks
Researchers uncovered a new variant of the TrickBot malware that uses new anti-analysis techniques, an updated method for downloading its payload, and minor changes to the integration of its components.
"In this post, we detailed how this TrickBot fresh variant works in a victim's machine, what technologies it uses to perform anti-analysis, as well as how the payload of TrickBot communicates with its C&C server to download the modules," said Xiaopeng Zhang with Fortinet's FortiGuard Labs threat team in a Monday analysis.
New Variant Payload. In another change for TrickBot, the downloaded payload in the latest variant is a DLL file while in the previous variant, the payload was an.
After downloading the TrickBot payload to a file in the %temp% folder, the JavaScript file copies itself into the Windows startup folder so that it runs whenever Windows starts.
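A defender-side check for the behaviour described above, as an added example that is not from the Fortinet analysis: it scans Sysmon FileCreate (Event ID 11) records for a script file written into a Startup folder and for a script host writing into the temp folder, and rates a process that does both as high priority. The event records, user name and file names are constructed, and `%temp%` is assumed to resolve to `AppData\Local\Temp`.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf"}
STARTUP = "\\start menu\\programs\\startup\\"   # per-user and all-users Startup
TEMP = "\\appdata\\local\\temp\\"               # assumed %temp% location

def classify(event):
    """Return the set of rule names one FileCreate event matches."""
    target = event["TargetFilename"].lower()
    image = ntpath.basename(event["Image"]).lower()
    hits = set()
    # Rule 1: any script file landing in a Startup folder, whoever wrote it.
    if STARTUP in target and ntpath.splitext(target)[1] in SCRIPT_EXTS:
        hits.add("script_in_startup")
    # Rule 2: a script host writing any file into the temp folder. The
    # extension is not checked because a payload need not be named .dll.
    if image in SCRIPT_HOSTS and TEMP in target:
        hits.add("script_host_temp_drop")
    return hits

def detect(events):
    """Group hits by ProcessGuid; one process matching both rules is 'high'."""
    per_process = {}
    for ev in events:
        hits = classify(ev)
        if hits:
            per_process.setdefault(ev["ProcessGuid"], set()).update(hits)
    return {guid: ("high" if len(hits) == 2 else "review")
            for guid, hits in per_process.items()}

# Constructed sample events (not taken from any real incident).
USER = r"C:\Users\alice"
STARTUP_DIR = USER + r"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_EVENTS = [
    {"ProcessGuid": "{A}", "Image": r"C:\Windows\System32\wscript.exe",
     "TargetFilename": USER + r"\AppData\Local\Temp\sample.tmp"},
    {"ProcessGuid": "{A}", "Image": r"C:\Windows\System32\wscript.exe",
     "TargetFilename": STARTUP_DIR + r"\invoice.js"},
    {"ProcessGuid": "{B}", "Image": r"C:\Program Files\Example\setup.exe",
     "TargetFilename": USER + r"\AppData\Local\Temp\setup.log"},
    {"ProcessGuid": "{C}", "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": STARTUP_DIR + r"\notes.js"},
]

if __name__ == "__main__":
    for guid, severity in detect(SAMPLE_EVENTS).items():
        print(guid, severity)
```

Grouping by `ProcessGuid` keeps an installer that only writes to the temp folder out of the results, while a lone script file in Startup is still surfaced for review.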
In another slight modification, the newest TrickBot variant also integrates the module "Systeminfo" into the payload file, which was a standalone module before.