General

  • Target

    05a1103b03aec2005386119fd29cedf8

  • Size

    250KB

  • Sample

    210204-a1qrswqd8n

  • MD5

    05a1103b03aec2005386119fd29cedf8

  • SHA1

    455e579b34f9607d21b6195644b756ffb09a53a6

  • SHA256

    141b78ce7b21a31bffc8a05311d96b8347aca36a69fa4768f8a32fae2ce12b8b

  • SHA512

    22f88654f41414367e23d14eefe7f3caa88ae432216f85d9d4d3a82fce1c428917bfe60c12d15268d72347c6ce1887a3263bb28416c04c255d270531bd0ef711

Malware Config

Extracted

Family

gootkit

Botnet

777

C2

madregobilsg.com

kerymarynicegross.com

pillygreamstronh.com

charnchiumbong.com

kiwimujirahdron.com

Attributes
vendor_id
777

Targets

    • Target

      05a1103b03aec2005386119fd29cedf8

    • Size

      250KB

    • MD5

      05a1103b03aec2005386119fd29cedf8

    • SHA1

      455e579b34f9607d21b6195644b756ffb09a53a6

    • SHA256

      141b78ce7b21a31bffc8a05311d96b8347aca36a69fa4768f8a32fae2ce12b8b

    • SHA512

      22f88654f41414367e23d14eefe7f3caa88ae432216f85d9d4d3a82fce1c428917bfe60c12d15268d72347c6ce1887a3263bb28416c04c255d270531bd0ef711

    • Gootkit

      Gootkit is a banking trojan, where large parts are written in node.JS.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Persistence

                    Privilege Escalation

                      Tasks