gootkit | 2a0af44882a0b6bedb7f054b76a95735cc680511fd396ae14bd9e2b076bab381 | Triage

Sharing

General

Target

2a0af44882a0b6bedb7f054b76a95735cc680511fd396ae14bd9e2b076bab381
Size

264KB
Sample

220615-hvveysefe4
MD5

578ac3fe0df90112226441f97d3e2538
SHA1

c78c19c7b4f79c80e4ae3aa2b09b546102f2f78d
SHA256

2a0af44882a0b6bedb7f054b76a95735cc680511fd396ae14bd9e2b076bab381
SHA512

d8dc0fb2c530b99a37e57a4542b191997b3ad0590a4ee6a85945ecd5b04718c90680473b7b20a4e8883a6587188ada9766eb323c0e6f4b553f667402afb7ef7d

Score

10^/10

gootkit 410 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

410

C2

parking.dynophyl.com

parked.dynonortheast.com

trktrk.eu

smeinsurances.co.uk

Attributes

vendor_id
410

Targets

- Target
  
  2a0af44882a0b6bedb7f054b76a95735cc680511fd396ae14bd9e2b076bab381
- Size
  
  264KB
- MD5
  
  578ac3fe0df90112226441f97d3e2538
- SHA1
  
  c78c19c7b4f79c80e4ae3aa2b09b546102f2f78d
- SHA256
  
  2a0af44882a0b6bedb7f054b76a95735cc680511fd396ae14bd9e2b076bab381
- SHA512
  
  d8dc0fb2c530b99a37e57a4542b191997b3ad0590a4ee6a85945ecd5b04718c90680473b7b20a4e8883a6587188ada9766eb323c0e6f4b553f667402afb7ef7d
Score

10^/10

gootkit 410 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit410bankerbotnettrojan

behavioral2