gootkit | 1c402ae634eac550f21d698329fca0c62a50450a5b373f9f492eef2f4fa1a2cc | Triage

Sharing

General

Target

1c402ae634eac550f21d698329fca0c62a50450a5b373f9f492eef2f4fa1a2cc
Size

117KB
Sample

220607-tlkpyabea2
MD5

ada4085a5d32e6a930ef5a30f798e58d
SHA1

f36563de3e43af2d3fcaf706e4bc2f9b177eaa79
SHA256

1c402ae634eac550f21d698329fca0c62a50450a5b373f9f492eef2f4fa1a2cc
SHA512

91ca02156a111de3d23c3dc23a1682b3066dbd21b075b64f74426a3bd279bf89dd719cbac8f1730a43b8b534ca6811b3d6cd054b5fd163a215da529b4ac6371d

Score

10^/10

gootkit 1234 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

1234

C2

zalipon.wollega.com

trussardi.qunamti.com

luga5lindalupina.com

Attributes

vendor_id
1234

Targets

- Target
  
  1c402ae634eac550f21d698329fca0c62a50450a5b373f9f492eef2f4fa1a2cc
- Size
  
  117KB
- MD5
  
  ada4085a5d32e6a930ef5a30f798e58d
- SHA1
  
  f36563de3e43af2d3fcaf706e4bc2f9b177eaa79
- SHA256
  
  1c402ae634eac550f21d698329fca0c62a50450a5b373f9f492eef2f4fa1a2cc
- SHA512
  
  91ca02156a111de3d23c3dc23a1682b3066dbd21b075b64f74426a3bd279bf89dd719cbac8f1730a43b8b534ca6811b3d6cd054b5fd163a215da529b4ac6371d
Score

10^/10

gootkit 1234 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit1234bankerbotnettrojan

behavioral2

gootkit1234bankerbotnettrojan