General
-
Target
5766bffa91f87cd08582fac05209c5d8d9356ad88e15499038dc624c0ccbc468
-
Size
286KB
-
Sample
220219-2lh54sead3
-
MD5
350c0b08ec0452a070bbed6fc730b17c
-
SHA1
15d23e2d535bf6540491fdaae6ef8d617ec47930
-
SHA256
5766bffa91f87cd08582fac05209c5d8d9356ad88e15499038dc624c0ccbc468
-
SHA512
725cd3062b4aa68eb93a7bc1a3f7318f84cf003a296e2bfe11b884579ea8a0f6e25d86821fce3c4c40ae0e5fb67ab167aafafb65e9d7451c9923327eb9123a3c
Static task
static1
Behavioral task
behavioral1
Sample
5766bffa91f87cd08582fac05209c5d8d9356ad88e15499038dc624c0ccbc468.exe
Resource
win7-en-20211208
Malware Config
Extracted
gootkit
6546
servicemanager.icu
partnerservice.xyz
-
vendor_id
6546
Targets
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-