gootkit | 956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42 | Triage

Sharing

General

Target

956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42
Size

157KB
Sample

210616-bawfrdptsn
MD5

94f7c4c80eb1723977b6f31dbb0f1b3e
SHA1

a335b3ede802fdb1971b27eb1b3f0996e30237ab
SHA256

956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42
SHA512

a25788f6ad990a6c9ae1b0f36a07849e9aadb8283fe5e2385f4686f6d7a3f459c0162c09ce5ff2e831202fc8995143b5cf5f5597d249a3b78afa84a96702e347

Score

10^/10

gootkit 2860

Malware Config

Extracted

Family

gootkit

Botnet

2860

C2

adp.reevesandcompany.com

picturecrafting.site

Attributes

vendor_id
2860

Targets

- Target
  
  956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42
- Size
  
  157KB
- MD5
  
  94f7c4c80eb1723977b6f31dbb0f1b3e
- SHA1
  
  a335b3ede802fdb1971b27eb1b3f0996e30237ab
- SHA256
  
  956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42
- SHA512
  
  a25788f6ad990a6c9ae1b0f36a07849e9aadb8283fe5e2385f4686f6d7a3f459c0162c09ce5ff2e831202fc8995143b5cf5f5597d249a3b78afa84a96702e347
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2