gootkit | 3966cb4e8d6f111dd98fb07158547d0080a9b9cba698c73b42c2499cdbb70416 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3966cb4e8d6f111dd98fb07158547d0080a9b9cba698c73b42c2499cdbb70416
Size

270KB
Sample

210618-nsakqhw8re
MD5

97713132e4ea03422d3915bab1c42074
SHA1

a90c6e7c5650e73ceb0b329fa8c78045632100ee
SHA256

3966cb4e8d6f111dd98fb07158547d0080a9b9cba698c73b42c2499cdbb70416
SHA512

fd62ec34a648c56864973b86bc316fc109c7932c47fb58c5b0a44ef1d68a97a4f950cb9f67a0f2020889168cb3b0875b807dca0ba66cb09549661458f1132fbe

Score

10^/10

gootkit 555 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

555

C2

scellapreambulus.top

kerymarynicegross.top

pillygreamstronh.com

kvaladrigrosdrom.top

lbegardingstorque.com

Attributes

vendor_id
555

Targets

- Target
  
  3966cb4e8d6f111dd98fb07158547d0080a9b9cba698c73b42c2499cdbb70416
- Size
  
  270KB
- MD5
  
  97713132e4ea03422d3915bab1c42074
- SHA1
  
  a90c6e7c5650e73ceb0b329fa8c78045632100ee
- SHA256
  
  3966cb4e8d6f111dd98fb07158547d0080a9b9cba698c73b42c2499cdbb70416
- SHA512
  
  fd62ec34a648c56864973b86bc316fc109c7932c47fb58c5b0a44ef1d68a97a4f950cb9f67a0f2020889168cb3b0875b807dca0ba66cb09549661458f1132fbe
Score

10^/10

gootkit 555 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit555bankerbotnettrojan

behavioral2

gootkit555bankerbotnettrojan