gootkit | 087b9f549d23316dc43dd3f6b2280fdfde113bc457b785066f8657115a7ef555 | Triage

Sharing

General

Target

087b9f549d23316dc43dd3f6b2280fdfde113bc457b785066f8657115a7ef555
Size

264KB
Sample

220530-1npj8sgcek
MD5

af0b810ee30058e5cea264fed2a15f05
SHA1

7aae8004f0042d3c4d250ace81053dbc3e31fecf
SHA256

087b9f549d23316dc43dd3f6b2280fdfde113bc457b785066f8657115a7ef555
SHA512

56b7da6973995c0e007ce78f62c5a45db54f8448ff7f0af6fcebe1a5f63c5d30b6864b7d0ae5c940f0db1d12c7363d87037a2b166caf51bc9b32175a95072710

Score

10^/10

gootkit 410 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

410

C2

parking.dynophyl.com

parked.dynonortheast.com

trktrk.eu

smeinsurances.co.uk

Attributes

vendor_id
410

Targets

- Target
  
  087b9f549d23316dc43dd3f6b2280fdfde113bc457b785066f8657115a7ef555
- Size
  
  264KB
- MD5
  
  af0b810ee30058e5cea264fed2a15f05
- SHA1
  
  7aae8004f0042d3c4d250ace81053dbc3e31fecf
- SHA256
  
  087b9f549d23316dc43dd3f6b2280fdfde113bc457b785066f8657115a7ef555
- SHA512
  
  56b7da6973995c0e007ce78f62c5a45db54f8448ff7f0af6fcebe1a5f63c5d30b6864b7d0ae5c940f0db1d12c7363d87037a2b166caf51bc9b32175a95072710
Score

10^/10

gootkit 410 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gootkit410bankerbotnettrojan

behavioral2

gootkit410bankerbotnettrojan