Analysis
-
max time kernel
90s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
04-06-2022 16:41
General
-
Target
0f1d79b7bebfb7bcfab9823392e986f982d869ba36928bd5f3d61af536ec5a00.exe
-
Size
104KB
-
MD5
8fe5df8c2a121a573062e4eb8ea1e3e2
-
SHA1
e26e99a7ccd69a198419c785a5d394c94d19ef73
-
SHA256
0f1d79b7bebfb7bcfab9823392e986f982d869ba36928bd5f3d61af536ec5a00
-
SHA512
ed65560375b4a030686cccfddb48a1693b48601a733db00fa0b7104300b7eb7c3fb1872a8b2a314cb98fd42642fb0a112d838531d0917e1c27865a0216f0f222
Score
10/10
Malware Config
Extracted
Family
gootkit
Botnet
1001
C2
pell-talak.com
gudsline.com
Attributes
-
vendor_id
1001
Signatures
-
Gootkit
Gootkit is a banking trojan, where large parts are written in node.JS.
-
suricata: ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2)
suricata: ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2)
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0f1d79b7bebfb7bcfab9823392e986f982d869ba36928bd5f3d61af536ec5a00.exe"C:\Users\Admin\AppData\Local\Temp\0f1d79b7bebfb7bcfab9823392e986f982d869ba36928bd5f3d61af536ec5a00.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\0f1d79b7bebfb7bcfab9823392e986f982d869ba36928bd5f3d61af536ec5a00.exe"C:\Users\Admin\AppData\Local\Temp\0f1d79b7bebfb7bcfab9823392e986f982d869ba36928bd5f3d61af536ec5a00.exe" kdwuscdnctzartmutioa2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1516-133-0x0000000000000000-mapping.dmp
-
memory/1516-134-0x0000000000400000-0x000000000041D000-memory.dmpFilesize
116KB
-
memory/1516-135-0x0000000000400000-0x000000000041D000-memory.dmpFilesize
116KB
-
memory/1516-136-0x0000000000400000-0x000000000041D000-memory.dmpFilesize
116KB
-
memory/1516-137-0x0000000010000000-0x000000001000D000-memory.dmpFilesize
52KB
-
memory/4108-130-0x0000000000400000-0x000000000041D000-memory.dmpFilesize
116KB
-
memory/4108-131-0x0000000000400000-0x000000000041D000-memory.dmpFilesize
116KB
-
memory/4108-132-0x0000000000400000-0x000000000041D000-memory.dmpFilesize
116KB