gootkit | 247077bc185d1ec230d12bad5f70a7da1d9493c0b966a3fe15ed54cfa7bbd8a9 | Triage

Sharing

General

Target

247077bc185d1ec230d12bad5f70a7da1d9493c0b966a3fe15ed54cfa7bbd8a9
Size

247KB
Sample

220611-172znsehg2
MD5

3e1026bb14602afb05f99e257e7c3bf4
SHA1

d1aba179d400901d32325a4705c734ab27ba4c27
SHA256

247077bc185d1ec230d12bad5f70a7da1d9493c0b966a3fe15ed54cfa7bbd8a9
SHA512

9a46051fa2fc33aa9f469932df8d0533326831ffebe1b96ea57013c8c3fe9f5702dc9914117772e34658b7005486d16607c6c8c04669d47c4b9c85e47e0ca520

Score

10^/10

gootkit 777 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

777

C2

chaabattent.com

kladrykroptur.com

madregobilsg.com

kerymarynicegross.com

pillygreamstronh.com

Attributes

vendor_id
777

Targets

- Target
  
  247077bc185d1ec230d12bad5f70a7da1d9493c0b966a3fe15ed54cfa7bbd8a9
- Size
  
  247KB
- MD5
  
  3e1026bb14602afb05f99e257e7c3bf4
- SHA1
  
  d1aba179d400901d32325a4705c734ab27ba4c27
- SHA256
  
  247077bc185d1ec230d12bad5f70a7da1d9493c0b966a3fe15ed54cfa7bbd8a9
- SHA512
  
  9a46051fa2fc33aa9f469932df8d0533326831ffebe1b96ea57013c8c3fe9f5702dc9914117772e34658b7005486d16607c6c8c04669d47c4b9c85e47e0ca520
Score

10^/10

gootkit 777 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gootkit777bankerbotnettrojan

behavioral2

gootkit777bankerbotnettrojan