gootkit | 0f1d79b7bebfb7bcfab9823392e986f982d869ba36928bd5f3d61af536ec5a00 | Triage

Sharing

General

Target

0f1d79b7bebfb7bcfab9823392e986f982d869ba36928bd5f3d61af536ec5a00
Size

104KB
Sample

220604-t68bqsbeem
MD5

8fe5df8c2a121a573062e4eb8ea1e3e2
SHA1

e26e99a7ccd69a198419c785a5d394c94d19ef73
SHA256

0f1d79b7bebfb7bcfab9823392e986f982d869ba36928bd5f3d61af536ec5a00
SHA512

ed65560375b4a030686cccfddb48a1693b48601a733db00fa0b7104300b7eb7c3fb1872a8b2a314cb98fd42642fb0a112d838531d0917e1c27865a0216f0f222

Score

10^/10

gootkit 1001 banker botnet suricata trojan

Malware Config

Extracted

Family

gootkit

Botnet

1001

C2

pell-talak.com

gudsline.com

Attributes

vendor_id
1001

Targets

- Target
  
  0f1d79b7bebfb7bcfab9823392e986f982d869ba36928bd5f3d61af536ec5a00
- Size
  
  104KB
- MD5
  
  8fe5df8c2a121a573062e4eb8ea1e3e2
- SHA1
  
  e26e99a7ccd69a198419c785a5d394c94d19ef73
- SHA256
  
  0f1d79b7bebfb7bcfab9823392e986f982d869ba36928bd5f3d61af536ec5a00
- SHA512
  
  ed65560375b4a030686cccfddb48a1693b48601a733db00fa0b7104300b7eb7c3fb1872a8b2a314cb98fd42642fb0a112d838531d0917e1c27865a0216f0f222
Score

10^/10

gootkit 1001 banker botnet suricata trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- suricata: ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2)
  suricata: ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2)
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gootkit1001bankerbotnetsuricatatrojan

behavioral2

gootkit1001bankerbotnetsuricatatrojan