General

  • Target

    0ca397cd9b4dd05d04216e1511fcfb820e91383d82f34dc003698f4fc3f11744

  • Size

    268KB

  • Sample

    220529-3ah7eadfh9

  • MD5

    03f6ec5cca4b5d0eb52775125e770f07

  • SHA1

    782a8fd49bbc5fe7ff3c28508561a400fc22732e

  • SHA256

    0ca397cd9b4dd05d04216e1511fcfb820e91383d82f34dc003698f4fc3f11744

  • SHA512

    21a6896b3f3f2451a29aa3216d0dbb12c00b7f79f02319beaf10d5226f669cbdc3f7623e17da65d82d5320703fb9c17f713793e250d124492491cd9b19815ef8

Malware Config

Extracted

Family

gootkit

Botnet

410

C2

parking.dynophyl.com

parked.dynonortheast.com

trktrk.eu

smeinsurances.co.uk

Attributes
  • vendor_id

    410

Targets

    • Gootkit

      Gootkit is a banking trojan, large parts of which are written in Node.js.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandbox environments.

    • Deletes itself

MITRE ATT&CK Enterprise v6

Tasks