gootkit | e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275 | Triage

Sharing

General

Target

e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275
Size

157KB
Sample

210616-sywqcsl8hj
MD5

4b06a9dd4d1e21da9c2810202188a625
SHA1

693e872947ef658cf2cf6215fc1562b5645ec3c4
SHA256

e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275
SHA512

28180fb909f692e9ad00058abf5b8b920bcc44907275151825f570c808ff417d9e501493f1a55ef8f112434ceb70e64cf8214e8fb8018933faa949078908461c

Score

10^/10

gootkit 2860

Malware Config

Extracted

Family

gootkit

Botnet

2860

C2

adp.reevesandcompany.com

picturecrafting.site

Attributes

vendor_id
2860

Targets

- Target
  
  e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275
- Size
  
  157KB
- MD5
  
  4b06a9dd4d1e21da9c2810202188a625
- SHA1
  
  693e872947ef658cf2cf6215fc1562b5645ec3c4
- SHA256
  
  e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275
- SHA512
  
  28180fb909f692e9ad00058abf5b8b920bcc44907275151825f570c808ff417d9e501493f1a55ef8f112434ceb70e64cf8214e8fb8018933faa949078908461c
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2