gootkit | 3079b740d91179832f75ba23052eca8c19983252c274740be1e045cb588886c9 | Triage

Sharing

General

Target

3079b740d91179832f75ba23052eca8c19983252c274740be1e045cb588886c9
Size

189KB
Sample

220621-ebfkxachf3
MD5

3cb577465c985e8b34afc6e40fa8d458
SHA1

4c416ba9ac99e0357dfd30fe39eb897d51bd8195
SHA256

3079b740d91179832f75ba23052eca8c19983252c274740be1e045cb588886c9
SHA512

473d1e066af7dd35052bbf8b3cfa87aa273d87754c532f059a224ab19818b103fe76d2ffcdb9b2e0e59c1aa8505538e17abbd175ca40724b2a9452da84653673

Score

10^/10

gootkit 2855 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2855

C2

me.jmitchelldayton.com

otnhmtkwodm1.site

Attributes

vendor_id
2855

Targets

- Target
  
  3079b740d91179832f75ba23052eca8c19983252c274740be1e045cb588886c9
- Size
  
  189KB
- MD5
  
  3cb577465c985e8b34afc6e40fa8d458
- SHA1
  
  4c416ba9ac99e0357dfd30fe39eb897d51bd8195
- SHA256
  
  3079b740d91179832f75ba23052eca8c19983252c274740be1e045cb588886c9
- SHA512
  
  473d1e066af7dd35052bbf8b3cfa87aa273d87754c532f059a224ab19818b103fe76d2ffcdb9b2e0e59c1aa8505538e17abbd175ca40724b2a9452da84653673
Score

10^/10

gootkit 2855 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit2855bankerbotnettrojan

behavioral2

gootkit2855bankerbotnettrojan