05a1103b03aec2005386119fd29cedf8

General

Target: 05a1103b03aec2005386119fd29cedf8
Size: 250KB
Sample: 210204-a1qrswqd8n
Score: 10/10
MD5: 05a1103b03aec2005386119fd29cedf8
SHA1: 455e579b34f9607d21b6195644b756ffb09a53a6
SHA256: 141b78ce7b21a31bffc8a05311d96b8347aca36a69fa4768f8a32fae2ce12b8b
SHA512: 22f88654f41414367e23d14eefe7f3caa88ae432216f85d9d4d3a82fce1c428917bfe60c12d15268d72347c6ce1887a3263bb28416c04c255d270531bd0ef711

Malware Config

Extracted

Family: gootkit
Botnet: 777
C2:
  • madregobilsg.com
  • kerymarynicegross.com
  • pillygreamstronh.com
  • charnchiumbong.com
  • kiwimujirahdron.com

Attributes

vendor_id: 777
Signatures

  • Gootkit

    Description

    Gootkit is a banking trojan, large parts of which are written in Node.js.

  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query Registry; System Information Discovery

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10