gootkit | c1ae38afb6c82b9107868d66318095f1c00f1e92dddc0ee953c23a8de4ace353 | Triage

Submit
Reports

Overview

overview

Static

static

c1ae38afb6...53.exe

windows7_x64

c1ae38afb6...53.exe

windows10-2004_x64

Sharing

General

Target

c1ae38afb6c82b9107868d66318095f1c00f1e92dddc0ee953c23a8de4ace353
Size

287KB
Sample

220219-z9kbzaedbj
MD5

ef45a5b40438205dc050f4afebc278b5
SHA1

6760ea10d2e201b688d841ee11c841653ede94f5
SHA256

c1ae38afb6c82b9107868d66318095f1c00f1e92dddc0ee953c23a8de4ace353
SHA512

fcceff6a644a09fdae46ffc306743277d6cc078c273b7dd6f85be97592aa23ca4631bf6564dbd130f9aaa38536066af3b61713a07984e9d7e0a9909cd635b021

Score

10^/10

gootkit 6546 banker botnet trojan

Static task

static1

Behavioral task

behavioral1

Sample

c1ae38afb6c82b9107868d66318095f1c00f1e92dddc0ee953c23a8de4ace353.exe

Resource

win7-en-20211208

gootkit 6546 banker botnet trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c1ae38afb6c82b9107868d66318095f1c00f1e92dddc0ee953c23a8de4ace353.exe

Resource

win10v2004-en-20220112

gootkit 6546 banker botnet trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

gootkit

Botnet

6546

C2

servicemanager.icu

partnerservice.xyz

Attributes

vendor_id
6546

Targets

- Target
  
  c1ae38afb6c82b9107868d66318095f1c00f1e92dddc0ee953c23a8de4ace353
- Size
  
  287KB
- MD5
  
  ef45a5b40438205dc050f4afebc278b5
- SHA1
  
  6760ea10d2e201b688d841ee11c841653ede94f5
- SHA256
  
  c1ae38afb6c82b9107868d66318095f1c00f1e92dddc0ee953c23a8de4ace353
- SHA512
  
  fcceff6a644a09fdae46ffc306743277d6cc078c273b7dd6f85be97592aa23ca4631bf6564dbd130f9aaa38536066af3b61713a07984e9d7e0a9909cd635b021
Score

10^/10

gootkit 6546 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit6546bankerbotnettrojan

behavioral2

gootkit6546bankerbotnettrojan

© 2018-2024

Terms | Privacy