gootkit | 226792baf638fbc82be1396e926e06a6d3570f6f8b5bf14439fee0ee5af5bd9b | Triage

Sharing

General

Target

226792baf638fbc82be1396e926e06a6d3570f6f8b5bf14439fee0ee5af5bd9b
Size

187KB
Sample

220612-f1h8rsfhfn
MD5

23e26f6748b07db1b464f5d237917282
SHA1

3a27db2d1ac8a8fc30d972f4b9d7f91e99d7f96f
SHA256

226792baf638fbc82be1396e926e06a6d3570f6f8b5bf14439fee0ee5af5bd9b
SHA512

53e86805989a7a18964cb44ea514d1728a97931979bdbc991011a5a88fa8a49564f1bffb59ca061666cae37eb020e87c00c9d4361c2c5fb4f696f418e5ca7d53

Score

10^/10

gootkit 2855 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2855

C2

me.jmitchelldayton.com

otnhmtkwodm1.site

Attributes

vendor_id
2855

Targets

- Target
  
  226792baf638fbc82be1396e926e06a6d3570f6f8b5bf14439fee0ee5af5bd9b
- Size
  
  187KB
- MD5
  
  23e26f6748b07db1b464f5d237917282
- SHA1
  
  3a27db2d1ac8a8fc30d972f4b9d7f91e99d7f96f
- SHA256
  
  226792baf638fbc82be1396e926e06a6d3570f6f8b5bf14439fee0ee5af5bd9b
- SHA512
  
  53e86805989a7a18964cb44ea514d1728a97931979bdbc991011a5a88fa8a49564f1bffb59ca061666cae37eb020e87c00c9d4361c2c5fb4f696f418e5ca7d53
Score

10^/10

gootkit 2855 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit2855bankerbotnettrojan

behavioral2

gootkit2855bankerbotnettrojan