
iTranslator Driver Based Trojan

The FortiGuard Labs research team recently captured a malware sample, an EXE file signed with an invalid certificate. Once a victim opens the EXE file, it installs two drivers to control the victim’s Windows system and monitors the Internet activities of the victim’s web browser.

First observed in 2018, iTranslator is an information-stealing trojan that uses a pair of software drivers to gain control of an affected system.

At the time of publication, it is unclear how iTranslator is distributed, although unconfirmed reports indicate it is being delivered as an executable file via medium-scale spam campaigns or drive-by downloads from compromised websites.




Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security and a wide range of other skills in radio, electronics and telecommunications.
