gootkit | 18001d0fc59814fb6054d924f2b5f6c299b9e7a9c5ae2cd2f55826554d3bb448 | Triage

Sharing

General

Target

18001d0fc59814fb6054d924f2b5f6c299b9e7a9c5ae2cd2f55826554d3bb448
Size

190KB
Sample

220608-xhe7tsgfb4
MD5

aa9aadce68be8d37d9bed2253ebdec5a
SHA1

beee06b9313094fa884a5f88d01f30ea8ec42085
SHA256

18001d0fc59814fb6054d924f2b5f6c299b9e7a9c5ae2cd2f55826554d3bb448
SHA512

85e3fa262938f163fb3aeaab1d07db7fbbb297cb92480ccf608c744361909051ab1dcb289e2621acca91f2681b5312b95f8fc7ea72aded5cce11c378b5b6c430

Score

10^/10

gootkit 2855 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2855

C2

me.jmitchelldayton.com

otnhmtkwodm1.site

Attributes

vendor_id
2855

Targets

- Target
  
  18001d0fc59814fb6054d924f2b5f6c299b9e7a9c5ae2cd2f55826554d3bb448
- Size
  
  190KB
- MD5
  
  aa9aadce68be8d37d9bed2253ebdec5a
- SHA1
  
  beee06b9313094fa884a5f88d01f30ea8ec42085
- SHA256
  
  18001d0fc59814fb6054d924f2b5f6c299b9e7a9c5ae2cd2f55826554d3bb448
- SHA512
  
  85e3fa262938f163fb3aeaab1d07db7fbbb297cb92480ccf608c744361909051ab1dcb289e2621acca91f2681b5312b95f8fc7ea72aded5cce11c378b5b6c430
Score

10^/10

gootkit 2855 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit2855bankerbotnettrojan

behavioral2

gootkit2855bankerbotnettrojan