gootkit | 048672680dcc8d37624246e5d17e3c63256e2006a9d87650d46ae27f2a9fa987 | Triage

Sharing

General

Target

048672680dcc8d37624246e5d17e3c63256e2006a9d87650d46ae27f2a9fa987
Size

189KB
Sample

220527-zmc95sgccj
MD5

44fb1c3799e994e598043c1dec99a490
SHA1

095efca7cbd3601b93dc1680a6ead49f2e3fb4dd
SHA256

048672680dcc8d37624246e5d17e3c63256e2006a9d87650d46ae27f2a9fa987
SHA512

99c8d7edc0e4baf106497ae39734884091fe79d36e71830078c2ae2f376ed63d212ec9e15257ac84784971aa87079e9709a5a089cd30eee0c1a6e25cb34d0b9e

Score

10^/10

gootkit 2855 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2855

C2

me.jmitchelldayton.com

otnhmtkwodm1.site

Attributes

vendor_id
2855

Targets

- Target
  
  048672680dcc8d37624246e5d17e3c63256e2006a9d87650d46ae27f2a9fa987
- Size
  
  189KB
- MD5
  
  44fb1c3799e994e598043c1dec99a490
- SHA1
  
  095efca7cbd3601b93dc1680a6ead49f2e3fb4dd
- SHA256
  
  048672680dcc8d37624246e5d17e3c63256e2006a9d87650d46ae27f2a9fa987
- SHA512
  
  99c8d7edc0e4baf106497ae39734884091fe79d36e71830078c2ae2f376ed63d212ec9e15257ac84784971aa87079e9709a5a089cd30eee0c1a6e25cb34d0b9e
Score

10^/10

gootkit 2855 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit2855bankerbotnettrojan

behavioral2

gootkit2855bankerbotnettrojan