Overview

overview

10

Static

static

3

ItroublveT...SC.exe

windows7-x64

10

ItroublveT...SC.exe

windows10-2004-x64

10

ItroublveT...rv.exe

windows7-x64

10

ItroublveT...rv.exe

windows10-2004-x64

9

ItroublveT...ram.js

windows7-x64

1

ItroublveT...ram.js

windows10-2004-x64

1

ItroublveT...er.vbs

windows7-x64

1

ItroublveT...er.vbs

windows10-2004-x64

1

ItroublveT...es.vbs

windows7-x64

1

ItroublveT...es.vbs

windows10-2004-x64

1

ItroublveT...LI.exe

windows7-x64

1

ItroublveT...LI.exe

windows10-2004-x64

1

ItroublveT...re.dll

windows7-x64

1

ItroublveT...re.dll

windows10-2004-x64

1

ItroublveT...er.dll

windows7-x64

1

ItroublveT...er.dll

windows10-2004-x64

1

ItroublveT...ns.dll

windows7-x64

1

ItroublveT...ns.dll

windows10-2004-x64

1

ItroublveT...er.dll

windows7-x64

1

ItroublveT...er.dll

windows10-2004-x64

1

ItroublveT...me.dll

windows7-x64

1

ItroublveT...me.dll

windows10-2004-x64

ItroublveT...en.dll

windows7-x64

1

ItroublveT...en.dll

windows10-2004-x64

1

ItroublveT...ib.dll

windows7-x64

1

ItroublveT...ib.dll

windows10-2004-x64

1

ItroublveT...le.dll

windows7-x64

1

ItroublveT...le.dll

windows10-2004-x64

1

ItroublveT...le.dll

windows7-x64

1

ItroublveT...le.dll

windows10-2004-x64

1

ItroublveT...le.dll

windows7-x64

1

ItroublveT...le.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-04-2024 00:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ItroublveTSC-master/bin/Binaries/RtkBtManServ.exe

  • Size

    2.8MB

  • MD5

    88ab0bb59b0b20816a833ba91c1606d3

  • SHA1

    72c09b7789a4bac8fee41227d101daed8437edeb

  • SHA256

    f4fb42c8312a6002a8783e2a1ab4571eb89e92cd192b1a21e8c4582205c37312

  • SHA512

    05cff2ca00ba940d9371c469bce6ffb4795c845d77525b8a1d4919f708296e66c0a6f3143c5964f5e963955e4f527a70624651113e72dc977f5ef40fa0276857

  • SSDEEP

    49152:AsmhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:6qXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs

Score
10/10
gozibankerisfbtrojan

Malware Config

Extracted

Family

gozi

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi
  • NirSoft WebBrowserPassView 1 IoCs

    Password recovery tool for various web browsers

  • Nirsoft 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ItroublveTSC-master\bin\Binaries\RtkBtManServ.exe
    "C:\Users\Admin\AppData\Local\Temp\ItroublveTSC-master\bin\Binaries\RtkBtManServ.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1640 -s 604
      2⤵
        PID:2928

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1640-0-0x0000000000390000-0x000000000066A000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/1640-1-0x000007FEF51A0000-0x000007FEF5B8C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1640-2-0x000000001B6C0000-0x000000001BA02000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/1640-3-0x0000000000240000-0x0000000000246000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1640-4-0x000000001B4A0000-0x000000001B520000-memory.dmp

      Filesize

      512KB

      Download

    • memory/1640-5-0x0000000000890000-0x0000000000940000-memory.dmp

      Filesize

      704KB

      Download

    • memory/1640-36-0x000007FEF51A0000-0x000007FEF5B8C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1640-37-0x000000001B4A0000-0x000000001B520000-memory.dmp

      Filesize

      512KB

      Download