gootkit | 5eb9121d5de5ab6ee44a89c29622c49fae4f5d1c7178929964b3adaa5d8623e0 | Triage

Sharing

General

Target

5eb9121d5de5ab6ee44a89c29622c49fae4f5d1c7178929964b3adaa5d8623e0
Size

229KB
Sample

210907-s2eyyschb4
MD5

3de1f88ca994482e852010ef0efb333e
SHA1

52bdc92f01baa2c62e18d40af7a58121ec0dfa28
SHA256

5eb9121d5de5ab6ee44a89c29622c49fae4f5d1c7178929964b3adaa5d8623e0
SHA512

4459cb7581d3c6b0ce159ade11827dc1ed793141f1744ae8cecd78504842c74da36eb99fbf53ab2863773c7b07803ead542c1981c813b2b2b6ac4eaf08c1314c

Score

10^/10

gootkit 4444 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

4444

C2

secure256bit.at

secure2048.at

Attributes

vendor_id
4444

Targets

- Target
  
  5eb9121d5de5ab6ee44a89c29622c49fae4f5d1c7178929964b3adaa5d8623e0
- Size
  
  229KB
- MD5
  
  3de1f88ca994482e852010ef0efb333e
- SHA1
  
  52bdc92f01baa2c62e18d40af7a58121ec0dfa28
- SHA256
  
  5eb9121d5de5ab6ee44a89c29622c49fae4f5d1c7178929964b3adaa5d8623e0
- SHA512
  
  4459cb7581d3c6b0ce159ade11827dc1ed793141f1744ae8cecd78504842c74da36eb99fbf53ab2863773c7b07803ead542c1981c813b2b2b6ac4eaf08c1314c
Score

10^/10

gootkit 4444 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit4444bankerbotnettrojan

behavioral2

gootkit4444bankerbotnettrojan