gootkit | a3c243afceb1fb38f25ae81816891d7d7c11ae76e80a43f31d2ceb9833f2f3df | Triage

Sharing

General

Target

a3c243afceb1fb38f25ae81816891d7d7c11ae76e80a43f31d2ceb9833f2f3df
Size

619KB
Sample

220219-1mgs1aeedm
MD5

a4a24a3daed6b4673884187b131c968b
SHA1

b20661090b7305239d75209bac8d2179f648dcaa
SHA256

a3c243afceb1fb38f25ae81816891d7d7c11ae76e80a43f31d2ceb9833f2f3df
SHA512

3f49b3876921b41483b907066c9f1f6a61d3fe759219c2db8cb048473b94ba52ab064fcc7c4615da2e1b8056dedc93bf22ed865ff4df442e5ba5c43b1c6082dc

Score

10^/10

gootkit 260319 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

260319

C2

sillikogermin.com

feferturietan.com

manjuorlidnqo.com

chechelderpos.com

kalamindridro.com

Attributes

vendor_id
260319

Targets

- Target
  
  a3c243afceb1fb38f25ae81816891d7d7c11ae76e80a43f31d2ceb9833f2f3df
- Size
  
  619KB
- MD5
  
  a4a24a3daed6b4673884187b131c968b
- SHA1
  
  b20661090b7305239d75209bac8d2179f648dcaa
- SHA256
  
  a3c243afceb1fb38f25ae81816891d7d7c11ae76e80a43f31d2ceb9833f2f3df
- SHA512
  
  3f49b3876921b41483b907066c9f1f6a61d3fe759219c2db8cb048473b94ba52ab064fcc7c4615da2e1b8056dedc93bf22ed865ff4df442e5ba5c43b1c6082dc
Score

10^/10

gootkit 260319 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit260319bankerbotnettrojan

behavioral2

gootkit260319bankerbotnettrojan