gootkit | 18f7a11639af043a534e4057963b460f6fb0b0d4db759e26be48642ac4b228b8 | Triage

Sharing

General

Target

18f7a11639af043a534e4057963b460f6fb0b0d4db759e26be48642ac4b228b8
Size

190KB
Sample

220608-sxbqqsdefm
MD5

e13cf22c3a104d29d375e00ace9121fa
SHA1

7070dde17ec835c1965ca6c3be2de621e94193c9
SHA256

18f7a11639af043a534e4057963b460f6fb0b0d4db759e26be48642ac4b228b8
SHA512

fcb49c4321fb150aa19ca0d0ea86cf8d08d47700986f649f11fc54e8b9c6e216f407e36156f068ad53d0298c800d03b6b6840dd5929d8b33c812aa33feb28701

Score

10^/10

gootkit 2855 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2855

C2

me.jmitchelldayton.com

otnhmtkwodm1.site

Attributes

vendor_id
2855

Targets

- Target
  
  18f7a11639af043a534e4057963b460f6fb0b0d4db759e26be48642ac4b228b8
- Size
  
  190KB
- MD5
  
  e13cf22c3a104d29d375e00ace9121fa
- SHA1
  
  7070dde17ec835c1965ca6c3be2de621e94193c9
- SHA256
  
  18f7a11639af043a534e4057963b460f6fb0b0d4db759e26be48642ac4b228b8
- SHA512
  
  fcb49c4321fb150aa19ca0d0ea86cf8d08d47700986f649f11fc54e8b9c6e216f407e36156f068ad53d0298c800d03b6b6840dd5929d8b33c812aa33feb28701
Score

10^/10

gootkit 2855 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit2855bankerbotnettrojan

behavioral2

gootkit2855bankerbotnettrojan