gootkit | 0a4cc9853314d239f89249e5b6acae8ab2d3e5afbd9e124b6571517a12a00a80 | Triage

Sharing

General

Target

0a4cc9853314d239f89249e5b6acae8ab2d3e5afbd9e124b6571517a12a00a80
Size

254KB
Sample

220530-s6lx3aaec3
MD5

2bafe52150d3c2f18382848d832e3211
SHA1

31182a580758a69c3dcdbe8fb3e6e4126bbc7dc0
SHA256

0a4cc9853314d239f89249e5b6acae8ab2d3e5afbd9e124b6571517a12a00a80
SHA512

981c60770f7cefd705a010ac438f74cdefce2f7f5d6d0c4c3a5d519e8b662aa18b070514ce8c4cb6e70a81a1a9be7acd1e66b7a8035817abdac60ca86029dc5d

Score

10^/10

gootkit 777 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

777

C2

chaabattent.com

kladrykroptur.com

madregobilsg.com

kerymarynicegross.com

pillygreamstronh.com

Attributes

vendor_id
777

Targets

- Target
  
  0a4cc9853314d239f89249e5b6acae8ab2d3e5afbd9e124b6571517a12a00a80
- Size
  
  254KB
- MD5
  
  2bafe52150d3c2f18382848d832e3211
- SHA1
  
  31182a580758a69c3dcdbe8fb3e6e4126bbc7dc0
- SHA256
  
  0a4cc9853314d239f89249e5b6acae8ab2d3e5afbd9e124b6571517a12a00a80
- SHA512
  
  981c60770f7cefd705a010ac438f74cdefce2f7f5d6d0c4c3a5d519e8b662aa18b070514ce8c4cb6e70a81a1a9be7acd1e66b7a8035817abdac60ca86029dc5d
Score

10^/10

gootkit 777 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit777bankerbotnettrojan

behavioral2

gootkit777bankerbotnettrojan