gootkit | 2a0af44882a0b6bedb7f054b76a95735cc680511fd396ae14bd9e2b076bab381 | Triage

Sharing

General

Target

2a0af44882a0b6bedb7f054b76a95735cc680511fd396ae14bd9e2b076bab381
Size

264KB
Sample

220615-hvveysefe4
MD5

578ac3fe0df90112226441f97d3e2538
SHA1

c78c19c7b4f79c80e4ae3aa2b09b546102f2f78d
SHA256

2a0af44882a0b6bedb7f054b76a95735cc680511fd396ae14bd9e2b076bab381
SHA512

d8dc0fb2c530b99a37e57a4542b191997b3ad0590a4ee6a85945ecd5b04718c90680473b7b20a4e8883a6587188ada9766eb323c0e6f4b553f667402afb7ef7d

Score

10^/10

gootkit 410 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

410

C2

parking.dynophyl.com

parked.dynonortheast.com

trktrk.eu

smeinsurances.co.uk

Attributes

vendor_id
410

Targets

- Target
  
  2a0af44882a0b6bedb7f054b76a95735cc680511fd396ae14bd9e2b076bab381
- Size
  
  264KB
- MD5
  
  578ac3fe0df90112226441f97d3e2538
- SHA1
  
  c78c19c7b4f79c80e4ae3aa2b09b546102f2f78d
- SHA256
  
  2a0af44882a0b6bedb7f054b76a95735cc680511fd396ae14bd9e2b076bab381
- SHA512
  
  d8dc0fb2c530b99a37e57a4542b191997b3ad0590a4ee6a85945ecd5b04718c90680473b7b20a4e8883a6587188ada9766eb323c0e6f4b553f667402afb7ef7d
Score

10^/10

gootkit 410 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gootkit410bankerbotnettrojan

behavioral2