gootkit | 141b78ce7b21a31bffc8a05311d96b8347aca36a69fa4768f8a32fae2ce12b8b | Triage

Sharing

General

Target

05a1103b03aec2005386119fd29cedf8
Size

250KB
Sample

210204-a1qrswqd8n
MD5

05a1103b03aec2005386119fd29cedf8
SHA1

455e579b34f9607d21b6195644b756ffb09a53a6
SHA256

141b78ce7b21a31bffc8a05311d96b8347aca36a69fa4768f8a32fae2ce12b8b
SHA512

22f88654f41414367e23d14eefe7f3caa88ae432216f85d9d4d3a82fce1c428917bfe60c12d15268d72347c6ce1887a3263bb28416c04c255d270531bd0ef711

Score

10^/10

gootkit 777 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

777

C2

madregobilsg.com

kerymarynicegross.com

pillygreamstronh.com

charnchiumbong.com

kiwimujirahdron.com

Attributes

vendor_id
777

Targets

- Target
  
  05a1103b03aec2005386119fd29cedf8
- Size
  
  250KB
- MD5
  
  05a1103b03aec2005386119fd29cedf8
- SHA1
  
  455e579b34f9607d21b6195644b756ffb09a53a6
- SHA256
  
  141b78ce7b21a31bffc8a05311d96b8347aca36a69fa4768f8a32fae2ce12b8b
- SHA512
  
  22f88654f41414367e23d14eefe7f3caa88ae432216f85d9d4d3a82fce1c428917bfe60c12d15268d72347c6ce1887a3263bb28416c04c255d270531bd0ef711
Score

10^/10

gootkit 777 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit777bankerbotnettrojan

behavioral2

gootkit777bankerbotnettrojan