Evasive Gootkit Banking Trojan | VMRay Analyzer Report
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Backdoor, Dropper, Spyware, Downloader

6ded37a61962a6a6626bd47adb66f5f73742d8d2125cdff1dc3f932d0a8e5d2e (SHA256)

gootkit_vbs-6ded37a6.vir.vbs

VBScript

Created at 2018-12-13 14:00:00

...

Notifications (2/2)

Code overwrite was observed during this analysis. Note that the analysis results may be affected by this modification by the sample.

The overall sleep time of all monitored processes was truncated from "29 minutes, 45 seconds" to "1 minute, 40 seconds" to reveal dormant functionality.

Top Threat Indicators (View all 57 threat indicators)

Category Operation Classification
Anti Analysis Tries to detect application sandbox -
Anti Analysis Tries to detect virtual machine -
Information Stealing Reads system data Spyware

Screenshots

Monitored Processes

Process Graph

Process Graph Legend

Analysis Information

Creation Time 2018-12-13 15:00 (UTC+1)
Analysis Duration 00:02:00
Number of Monitored Processes 10
Execution Successful True
Reputation Enabled True
WHOIS Enabled True
YARA Enabled True
Termination Reason Timeout
Tags
#malware #evasion

Sample Information

ID #2311034
MD5 e5031e1adceac15c5db78da6f4303905 Copy to Clipboard
SHA1 53c7e365d8f55e0b3cf5e958e3b5da05b456a61b Copy to Clipboard
SHA256 6ded37a61962a6a6626bd47adb66f5f73742d8d2125cdff1dc3f932d0a8e5d2e Copy to Clipboard
SSDeep 3072:Dg+cIZ071HOQBVJ7nxCtGcH8C3fVJ9YTT4pIAFxoftxqKudFAV8cw7OJO4:DgVN1HOQjJ7xCtGcH8OP98T4pZxirju+ Copy to Clipboard
Filename gootkit_vbs-6ded37a6.vir.vbs
File Size 114.79 KB
File Type VBScript

Analyzer Information

Dynamic Analyzer Build Date 2018-11-29 15:24 (UTC+1)
Dynamic Analyzer Version 2.3.2
Static Analyzer Version 1.0.1
VTI Ruleset Version 3.1
YARA Built-in Ruleset Version 1.1
Analysis Report Layout Version 3
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image