gootkit | daf467c1c3d8cc8f7f692afa01d60027e310070b28e467e7b75f638025c95296 | Triage

Sharing

General

Target

daf467c1c3d8cc8f7f692afa01d60027e310070b28e467e7b75f638025c95296
Size

189KB
Sample

220625-jm2pqseab5
MD5

70a6c66362517d855bbdd73568329da6
SHA1

61891b1f935071b98d64708b2c444083e1f4e2e2
SHA256

daf467c1c3d8cc8f7f692afa01d60027e310070b28e467e7b75f638025c95296
SHA512

3eccec491b7feffd5bc56792b66ec9d164ff1e3c84dfb44c70dbf536608b3f23fef898bd7a5f1759105770562e8399b2b25147b2cc462d28140389a0dd9fe565

Score

10^/10

gootkit 2855 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2855

C2

me.jmitchelldayton.com

otnhmtkwodm1.site

Attributes

vendor_id
2855

Targets

- Target
  
  daf467c1c3d8cc8f7f692afa01d60027e310070b28e467e7b75f638025c95296
- Size
  
  189KB
- MD5
  
  70a6c66362517d855bbdd73568329da6
- SHA1
  
  61891b1f935071b98d64708b2c444083e1f4e2e2
- SHA256
  
  daf467c1c3d8cc8f7f692afa01d60027e310070b28e467e7b75f638025c95296
- SHA512
  
  3eccec491b7feffd5bc56792b66ec9d164ff1e3c84dfb44c70dbf536608b3f23fef898bd7a5f1759105770562e8399b2b25147b2cc462d28140389a0dd9fe565
Score

10^/10

gootkit 2855 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit2855bankerbotnettrojan

behavioral2

gootkit2855bankerbotnettrojan