gootkit | 14833d90e142456ccaf88e200ae5ecede234bbf5424f0b6ad7ccad2eb7865c64 | Triage

Sharing

General

Target

14833d90e142456ccaf88e200ae5ecede234bbf5424f0b6ad7ccad2eb7865c64
Size

189KB
Sample

220602-zmbfjsfbhp
MD5

1f92c45c4c98819da94648146eb940d8
SHA1

c9a4093fd7362fdb462f523dc21fb8ec654bfba3
SHA256

14833d90e142456ccaf88e200ae5ecede234bbf5424f0b6ad7ccad2eb7865c64
SHA512

9879eac1a5a952cea8e21201db8c877433fe3dc8c0823450c4f1d7b5500d223b3577cea529ac4579390c008c070fc43de305fa2e4882d8b6b75c3eb913ef45dd

Score

10^/10

gootkit 2854 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2854

C2

hop.hopedaleweb.com

zgzimdkwod.top

Attributes

vendor_id
2854

Targets

- Target
  
  14833d90e142456ccaf88e200ae5ecede234bbf5424f0b6ad7ccad2eb7865c64
- Size
  
  189KB
- MD5
  
  1f92c45c4c98819da94648146eb940d8
- SHA1
  
  c9a4093fd7362fdb462f523dc21fb8ec654bfba3
- SHA256
  
  14833d90e142456ccaf88e200ae5ecede234bbf5424f0b6ad7ccad2eb7865c64
- SHA512
  
  9879eac1a5a952cea8e21201db8c877433fe3dc8c0823450c4f1d7b5500d223b3577cea529ac4579390c008c070fc43de305fa2e4882d8b6b75c3eb913ef45dd
Score

10^/10

gootkit 2854 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gootkit2854bankerbotnettrojan

behavioral2

gootkit2854bankerbotnettrojan